under some kind of attack
Adi Pircalabu
adi at ddns.com.au
Fri Jul 21 03:38:21 EEST 2017
On 21/07/2017 04:03, mj wrote:
> Hi Robert,
>
>> i dont understand why you focused on that ldap strings
>> fail2ban should trigger on some "Authentication failure" regex in the
>> related syslog
>>
>> perhaps this will help to make it more clear
>>
>> http://www.stefan-seelmann.de/wiki/fail2ban#postfix-and-dovecot
>
> Yes, but I have that as well. :-)
>
> I wanted two kinds of blockings:
>
> #1: Everybody trying the well-known passwords (password, 123321, 1q2w3e,
> etc, etc) to become blocked *immediately* and for *always*.
This can be very tricky at times and you may actually hit quite a few
legit users who are using weak passwords and have forgotten / mistyped
them by accident. Seen this enough times and the amount of support
required to make a sloppy & lazy customer happy again isn't always
trivial. If they're few and far apart you can live with it, otherwise
you'll have to reevaluate it :)
Adi Pircalabu
More information about the dovecot
mailing list