Recommendations on intrusion prevention/detection?
Aki Tuomi
aki.tuomi at open-xchange.com
Wed Apr 22 15:34:42 EEST 2020
> On 22/04/2020 15:29 Johannes Rohr <johannes at rohr.org> wrote:
>
>
> Dear all,
>
> what are the key strategies for intrusion prevention and detection with
> dovecot, apart from installing fail2ban?
> It is a pity that the IMAP protocol does not support 2 factor
> authentication, which seems to stop 90% of intrusion attempts in their
> tracks. Without it, if someone has obtained your password and reads your
> mail without modifying it, you will hardly ever notice.
>
> Is there a reasonable way of detecting and preventing logins from
> unusual IP ranges? Or are there other strategies you would recommend?
>
> Cheers,
>
> Johannes
One suggestion is to use dovecot's auth policy feature, which works with e.g. weakforced to apply such restrictions.
Aki
More information about the dovecot
mailing list