Mail account brute force / harassment
Marc Roos
M.Roos at f1-outsourcing.eu
Thu Apr 11 14:49:25 EEST 2019
Yes indeed, we have already own dnsbl's for smtp and ssh/ftp access. How
do you have one setup for dovecot connections?
-----Original Message-----
From: James via dovecot [mailto:dovecot at dovecot.org]
Sent: donderdag 11 april 2019 13:25
To: dovecot at dovecot.org
Subject: Re: Mail account brute force / harassment
On 11/04/2019 11:43, Marc Roos via dovecot wrote:
> A. With the fail2ban solution
> - you 'solve' that the current ip is not able to access you
It is only a solution if there are subsequent attempts from the same
address. I currently have several thousand addresses blocked due to
dovecot login failures. My firewall is set to log these so I can see
that few repeat, those that do repeat have intervals of >1 week.
Blocking these has minimal effect (other than to clog fail12ban and the
firewall).
> - it will continue bothering other servers and admins
Which is why a dnsbl for dovecot is a good idea. I do not believe the
agents behind these login attempts are only targeting me, hence the
addresses should be shared via a dnsbl.
More information about the dovecot
mailing list