Recommendations on intrusion prevention/detection?

lists lists at lazygranch.com
Wed Apr 22 18:23:29 EEST 2020


My email server is set up for port 587. I block all email ports other than port 25 from countries that I will not be sending email to or receiving email from. This is really only practical on a personal server. I also have a blocking file of data center IPs. Port 25 is still open to the world, but that has to be the case.

Firewalls are a bit RAM intensive but not CPU intensive.

I am not saying this is perfect. Rather, I have reduced the number of jerks that can access my email. Prior to running my own email server, I used a hosted service. I got hacked from an exploit in Roundcube from Morocco. I don't use webmail, and while I'm sure Morocco is a fine country, I don't need email access from there. This is why I now run my own email.

  Original Message

From: johannes at rohr.org
Sent: April 22, 2020 5:30 AM
To: dovecot at dovecot.org
Subject: Recommendations on intrusion prevention/detection?


Dear all,

what are the key strategies for intrusion prevention and detection with
dovecot, apart from installing fail2ban?
It is a pity that the IMAP protocol does not support 2-factor
authentication, which seems to stop 90% of intrusion attempts in their
tracks. Without it, if someone has obtained your password and reads your
mail without modifying it, you will hardly ever notice.

Is there a reasonable way of detecting and preventing logins from
unusual IP ranges? Or are there other strategies you would recommend?

Cheers,

Johannes
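Johannes asks above how to detect logins from unusual IP ranges, and the reply describes blocking submission ports by country and keeping a data-center IP blocking file. As an added example (not code from either poster or from Dovecot itself), the script below audits Dovecot's `imap-login`/`pop3-login`/`submission-login` "Login:" log lines against a per-user set of expected address ranges and a data-center blocklist; the sample log lines, the user name and the ranges are constructed placeholders.

```python
import ipaddress
import re

# Dovecot's standard successful-login line (imap-login / pop3-login /
# submission-login). Only the fields this check needs are captured.
LOGIN_RE = re.compile(
    r"(?P<svc>imap|pop3|submission)-login: Login: user=<(?P<user>[^>]*)>, "
    r"method=(?P<method>\w+), rip=(?P<rip>[0-9a-fA-F.:]+)"
)

# Constructed sample, not a real log: three logins plus one failed attempt.
SAMPLE_LOG = """\
Apr 22 05:30:01 mail dovecot: imap-login: Login: user=<johannes>, method=PLAIN, rip=192.0.2.44, lip=192.0.2.1, mpid=3141, TLS, session=<abc>
Apr 22 05:31:12 mail dovecot: imap-login: Login: user=<johannes>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, mpid=3142, TLS, session=<def>
Apr 22 05:32:40 mail dovecot: submission-login: Login: user=<johannes>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.1, mpid=3143, TLS, session=<ghi>
Apr 22 05:33:05 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<admin>, method=PLAIN, rip=203.0.113.10, lip=192.0.2.1, TLS
"""

# Hypothetical policy: ranges each user normally connects from, plus a
# data-center blocklist in the spirit of the reply's blocking file.
EXPECTED_RANGES = {"johannes": ["192.0.2.0/24"]}
DATACENTER_RANGES = ["203.0.113.0/24"]

def _in_ranges(ip, ranges):
    return any(ip in ipaddress.ip_network(r) for r in ranges)

def audit_logins(log_text, expected=EXPECTED_RANGES, datacenter=DATACENTER_RANGES):
    """Return one alert per successful login that falls outside the user's
    expected ranges or inside a data-center range. Failed logins are ignored
    here, since fail2ban already covers those."""
    alerts = []
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if not m:
            continue
        user, rip = m["user"], ipaddress.ip_address(m["rip"])
        reasons = []
        if not _in_ranges(rip, expected.get(user, [])):
            reasons.append("outside expected ranges")
        if _in_ranges(rip, datacenter):
            reasons.append("data-center range")
        if reasons:
            alerts.append((user, str(rip), m["svc"], "; ".join(reasons)))
    return alerts

if __name__ == "__main__":
    for alert in audit_logins(SAMPLE_LOG):
        print("ALERT user=%s rip=%s via %s: %s" % alert)
```

Feeding the output into a mail notification or into the same blocklist mechanism the reply describes turns a silent password compromise into something the owner actually sees.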

