under some kind of attack

Joseph Tam jtam.home at gmail.com
Wed Jul 19 00:10:39 EEST 2017


On Tue, 18 Jul 2017, dovecot-request at dovecot.org wrote:

> Thanks for the quick follow-ups! Much appreciated. After posting this, I
> immediately started working on fail2ban. And between my initial posting
> and now, fail2ban already blocked 114 IPs.
>
> I have fail2ban with maxretry=1 and bantime=1800
>
> However, it seems almost all IPs are different, and I don't think I can
> keep the above settings permanently.

Why not?  Limited by firewall rules overload?  You could probably use
a persistent DB, can't you?

You can also use a third party RBL that specialized in brute forcers like
blocklist.de.  You can also feed back fail2ban data and crowdsource BFD
data to them.

Joseph Tam <jtam.home at gmail.com>


More information about the dovecot mailing list