detect suspicious logins

[@lbutlr]

> On 19 Dec 2017, at 10:13, Matthew Broadhead <matthew.broadhead at nbmlaw.co.uk> wrote:
> 
> does anyone know of a linux module (maybe similar to fail2ban) that could be installed which would monitor email logs (sign ins) and alert the user to any suspicious activity on their account?

Fail2ban can protect email logins. Alerting a user because random IP in Korean Middle School tried to login seems no helpful.

> i suspect it would need to log geo location, device type and ip address to a database.  it seems like a module like this would be very useful

How?

Blacklist failed logins. That protects everyone and doesn't induce panic.

-- 
Apple broke AppleScripting signatures in Mail.app, so no random signatures.