under some kind of attack
mj
lists at merit.unu.edu
Thu Jul 20 21:03:15 EEST 2017
Hi Robert,
> I don't understand why you focused on those LDAP strings
> fail2ban should trigger on some "Authentication failure" regex in the
> related syslog
>
> perhaps this will help to make it more clear
>
> http://www.stefan-seelmann.de/wiki/fail2ban#postfix-and-dovecot
Yes, but I have that as well. :-)
I wanted two kinds of blockings:
#1: Everybody trying the well-known passwords (password, 123321, 1q2w3e,
etc, etc) to become blocked *immediately* and for *always*.
#2: I wanted all others to have the 'regular' settings, with three
shots at typing a password, etc.
#2 being the 'regular fail2ban' settings, but during this attack, I
wanted special settings, #1, for anyone trying one of the malicious
passwords.
I did NOT want them to have the usual three opportunities to try.
In fact: this is a bit similar to your iptables solution, but that only
works for non-ssl/non-tls connections.
Your iptables solution makes sure that they cannot authenticate *at all*,
while the above solution makes sure they can only authenticate *once*.
MJ
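
Added example, not part of MJ's message and not fail2ban or Dovecot code: a Python model of the two-tier policy described above, replayed over constructed log lines. The log format, the `FIND_TIME` value and the name `decide_bans` are assumptions made for illustration; the denylist entries are the passwords named in the message.

```python
import re
from collections import defaultdict, deque

KNOWN_BAD = {"password", "123321", "1q2w3e"}  # passwords named in the post
MAX_RETRY = 3    # the "three shots" of the regular jail
FIND_TIME = 600  # assumed counting window, in seconds

# Assumed line format: epoch time, client IP and the attempted password.
# Logs that carry attempted passwords are sensitive and need tight access.
LINE_RE = re.compile(
    r"^(?P<ts>\d+) auth-fail rip=(?P<ip>\S+) user=\S+ given_password=(?P<pw>.*)$")

# Constructed sample input (documentation IP ranges), not real log data.
SAMPLE_LOG = """\
1500573600 auth-fail rip=203.0.113.5 user=info given_password=123321
1500573610 auth-fail rip=198.51.100.7 user=bob given_password=hunter7a
1500573620 auth-fail rip=198.51.100.7 user=bob given_password=hunter7b
1500573630 auth-fail rip=198.51.100.7 user=bob given_password=hunter7c
1500573640 auth-fail rip=192.0.2.9 user=carol given_password=typo1
1500573700 auth-fail rip=192.0.2.9 user=carol given_password=typo2
1500575700 auth-fail rip=192.0.2.9 user=carol given_password=typo3
1500575710 auth-fail rip=192.0.2.44 user=dave given_password=typo1
1500575720 auth-fail rip=192.0.2.44 user=dave given_password=1q2w3e
"""


def decide_bans(log_text):
    """Return {ip: "permanent" | "timed"} after replaying log_text."""
    bans = {}
    recent = defaultdict(deque)  # ip -> timestamps of ordinary failures
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, pw = m["ip"], int(m["ts"]), m["pw"]
        if pw in KNOWN_BAD:
            bans[ip] = "permanent"  # rule #1: first hit, no retries, no expiry
            continue
        if ip in bans:
            continue  # already banned, nothing more to count
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FIND_TIME:
            window.popleft()  # forget failures older than the window
        if len(window) >= MAX_RETRY:
            bans[ip] = "timed"  # rule #2: regular three-strikes ban
    return bans


if __name__ == "__main__":
    for ip, kind in decide_bans(SAMPLE_LOG).items():
        print(ip, kind)
```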