under another kind of attack

Olaf Hopp Olaf.Hopp at kit.edu
Thu Jul 27 10:46:36 EEST 2017


On 07/26/2017 10:01 PM, Joseph Tam wrote:
> Olaf Hopp <Olaf.Hopp at kit.edu> wrote:
> 
>> And I have a new one just for "unknown user" and here my bantime and findtime
>> are much bigger and the retries are just '2'. So here I'm much harsher.
>> I'll keep an eye on my logs and maybe some more twaeking is necessary.
> 
> Just be careful about typos (like twaeking!): users could simply misspell
> their username, or get mixed up with some other account or alias.
> This is why I favour targeting known bad accounts, not merely accounts
> that don't exist.

Joseph,
but how often do you have to type your username?
Only on the initial config of your mailer. After that
you are done. Exception is my webmail server.
But that IP is of course on the "ignoreip" list of fail2ban.
Otherwise it would be very easy to trigger a DOS without
much effort.
So this is why I decided to use two distinct jails with
different policies. It seems to work reasonably well.

Regards, Olaf


-- 
Karlsruher Institut für Technologie (KIT)
ATIS - Abt. Technische Infrastruktur, Fakultät für Informatik

Dipl.-Geophys. Olaf Hopp
- Head of IT Services -

Am Fasanengarten 5, Gebäude 50.34, Raum 009
76131 Karlsruhe
Phone: +49 721 608-43973
Fax: +49 721 608-46699
E-Mail: Olaf.Hopp at kit.edu
atis.informatik.kit.edu

www.kit.edu

KIT – The Research University in the Helmholtz Association

KIT has been certified as a family-friendly university since 2010.
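
Added example, not part of the message above and not fail2ban's own code: a small Python model of the two-jail policy with an `ignoreip` list, run over constructed log lines. Only the retry count of 2 for unknown users comes from the thread; the jail names, the other thresholds, the log format and the webmail address 192.0.2.10 are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Only maxretry=2 for the unknown-user jail comes from the thread; every other
# number, the jail names and the webmail address are assumptions.
JAILS = {
    "password-mismatch": {"needle": "Password mismatch", "maxretry": 5, "findtime": 600},
    "unknown-user": {"needle": "unknown user", "maxretry": 2, "findtime": 86400},
}
IGNOREIP = [ipaddress.ip_network("192.0.2.10/32")]  # assumed webmail server

# Constructed, simplified auth-worker lines: timestamp, user, remote IP, reason.
LINE = re.compile(r"^(\S+) dovecot: auth-worker\(\d+\): [\w-]+\(([^,]*),([0-9a-fA-F.:]+)\): (.*)$")
SAMPLE = [
    "2017-07-27T08:00:00 dovecot: auth-worker(4242): passwd-file(admin,203.0.113.7): unknown user",
    "2017-07-27T08:05:00 dovecot: auth-worker(4242): passwd-file(olaf,198.51.100.20): Password mismatch",
    "2017-07-27T08:06:00 dovecot: auth-worker(4242): passwd-file(olaf,198.51.100.20): Password mismatch",
    "2017-07-27T08:07:00 dovecot: auth-worker(4242): passwd-file(olfa,198.51.100.20): unknown user",
    "2017-07-27T09:00:00 dovecot: auth-worker(4242): passwd-file(x1,192.0.2.10): unknown user",
    "2017-07-27T09:00:05 dovecot: auth-worker(4242): passwd-file(x2,192.0.2.10): unknown user",
    "2017-07-27T11:00:00 dovecot: auth-worker(4242): passwd-file(test,203.0.113.7): unknown user",
]

def evaluate(lines, ignoreip=IGNOREIP):
    """Return {ip: jail_name} for every address one of the jails would ban."""
    hits = defaultdict(deque)  # (jail, ip) -> timestamps of failures inside findtime
    banned = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m.group(1))
        ip = ipaddress.ip_address(m.group(3))
        if any(ip in net for net in ignoreip):
            continue  # failures relayed by the webmail host are never counted
        for name, jail in JAILS.items():
            if jail["needle"] not in m.group(4):
                continue
            window = hits[(name, ip)]
            window.append(ts)
            while (ts - window[0]).total_seconds() > jail["findtime"]:
                window.popleft()
            if len(window) >= jail["maxretry"]:
                banned.setdefault(str(ip), name)
    return banned

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```

With the ignore list in place only 203.0.113.7 is banned; the single misspelled username from 198.51.100.20 stays below the threshold, and passing `ignoreip=[]` shows the webmail host being banned after two bad usernames.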

