Recommendations on intrusion prevention/detection?

Benny Pedersen me at junc.eu
Wed Apr 22 19:56:42 EEST 2020


On 2020-04-22 18:45, Sami Ketola wrote:

> Actually by far the biggest source of stolen credentials is
> viruses/trojans harvesting them.

I tried blacklisting all IPs that got password errors, but that ends in 
big shorewall blrules, so I turned it over to just adding a whitelist into 
blrules where the IPs are known customers that don't abuse the server. That way 
my shorewall got a lot smaller config files to read and no kids from 
outside can abuse logins. Now I have made a PHP script that 
monitors where abusers are from without giving them access to the abused ports.

And I have seen the trojans or malware reveal strong passwords 
as well; the battle is only as strong as the users using email programs.

So for now I see no failed logins anymore from the only whitelisted 
ASN range of trusted customers' IPs.

I just hope there would be a free simple policy server for dovecot, not 
only for Dovecot Oy.

We are all in the same boat, don't let it sink.
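
An added example, not part of the original post and not the poster's PHP script: a log summary that compares how many per-IP blacklist entries failed logins would require against a fixed whitelist, and lists failures that still come from inside the whitelisted ranges, which is where harvested credentials would show up. The log lines are constructed in the style of Dovecot login logs, and `CUSTOMER_NETS` and `summarize` are hypothetical names.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the style of Dovecot login logs (not from the post).
SAMPLE_LOG = """\
Apr 22 18:40:01 mail dovecot: imap-login: Disconnected (auth failed, 3 attempts in 12 secs): user=<alice>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.1, TLS
Apr 22 18:40:09 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<info>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.1
Apr 22 18:41:30 mail dovecot: imap-login: Login: user=<bob>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.1, TLS
Apr 22 18:42:12 mail dovecot: imap-login: Disconnected (auth failed, 2 attempts in 6 secs): user=<admin>, method=LOGIN, rip=198.51.100.77, lip=192.0.2.1
Apr 22 18:43:55 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 1 secs): user=<alice>, method=PLAIN, rip=2001:db8:5::10, lip=192.0.2.1, TLS
"""

# Hypothetical customer ranges standing in for the whitelisted networks.
CUSTOMER_NETS = ["203.0.113.0/24", "2001:db8:5::/48"]

FAIL_RE = re.compile(
    r"auth failed, (\d+) attempts.*?user=<([^>]*)>.*?rip=([0-9A-Fa-f:.]+)"
)


def summarize(log_text, allowed_cidrs):
    """Split failed logins into those outside and inside the whitelist."""
    nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    outside = Counter()  # source IP -> failed attempts (would need a blacklist entry each)
    inside = Counter()   # (user, source IP) -> failed attempts from trusted ranges
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if not m:
            continue  # successful logins and unrelated lines are skipped
        attempts, user, rip = int(m.group(1)), m.group(2), m.group(3)
        try:
            addr = ipaddress.ip_address(rip)
        except ValueError:
            continue  # malformed address field: ignore the line
        if any(addr.version == n.version and addr in n for n in nets):
            inside[(user, rip)] += attempts
        else:
            outside[rip] += attempts
    return {
        "blacklist_entries_needed": len(outside),
        "whitelist_entries": len(nets),
        "outside_attempts": sum(outside.values()),
        "inside_failures": dict(inside),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG, CUSTOMER_NETS).items():
        print(key, value)
```

The blacklist count grows with every new abusing address while the whitelist stays at the number of customer ranges; entries under `inside_failures` are the ones a whitelist cannot stop and are worth reviewing per user.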

