Recommendations on intrusion prevention/detection?

Aki Tuomi aki.tuomi at open-xchange.com
Wed Apr 22 15:34:42 EEST 2020


> On 22/04/2020 15:29 Johannes Rohr <johannes at rohr.org> wrote:
> 
>  
> Dear all,
> 
> what are the key strategies for intrusion prevention and detection with
> dovecot, apart from installing fail2ban?
> It is a pity that the IMAP protocol does not support 2 factor
> authentication, which seems to stop 90% of intrusion attempts in their
> tracks. Without it, if someone has obtained your password and reads your
> mail without modifying it, you will hardly ever notice.
> 
> Is there a reasonable way of detecting and preventing logins from
> unusual IP ranges? Or are there other strategies you would recommend?
> 
> Cheers,
> 
> Johannes

One suggestion is to use dovecot's auth policy feature, which works with e.g. weakforced to apply such restrictions.

Aki


More information about the dovecot mailing list