Recommendations on intrusion prevention/detection?

Remo Mattei Remo at rm.ht
Thu Apr 23 00:54:34 EEST 2020


I have pfSense too and it rocks!

> On Apr 22, 2020, at 14:52, byalefp at yahoo.com.br wrote:
> 
> Usually I use pfSense as the main firewall, with Snort blocking all kinds of scans and others.
> 
> Fail2ban triggering after 3 unsuccessful tries, and lastly iptables if Linux or ipfw if FreeBSD.
> 
> Keeping pfSense synced with intrusion lists is a must-have.
> 
> And lastly, bans are not temporary on my setup; they are forever, except if a real user, after validating his info / data, calls to unblock him.
> 
> There are some guides around about dealing with postscreen, but I never got that working... RBL and Spamhaus lists on the mail server and on DNS are another must-have.
> 
> Good luck
> 
> Regards,
> 
> Alexandre Fernandes Pedrosa
> 
> -------
> Visit: https://alexandrepedrosa.com
> 
> 
> PGP Key: https://alexandrepedrosa.com/keys/0xE830E3336A873BE6.asc
> 
> Fingerprint: 4D63 0DEC FDA4 A8D3 DF75  94DB E830 E333 6A87 3BE6 
> 
> On 22 Apr 2020 09:29, Johannes Rohr <johannes at rohr.org> wrote:
> Dear all,
> 
> what are the key strategies for intrusion prevention and detection with
> dovecot, apart from installing fail2ban?
> It is a pity that the IMAP protocol does not support 2 factor
> authentication, which seems to stop 90% of intrusion attempts in their
> tracks. Without it, if someone has obtained your password and reads your
> mail without modifying it, you will hardly ever notice.
> 
> Is there a reasonable way of detecting and preventing logins from
> unusual IP ranges? Or are there other strategies you would recommend?
> 
> Cheers,
> 
> Johannes
> 
> 
> 
> 
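
One way to approach the question above about detecting logins from unusual IP ranges, as an added example that is not part of the original thread: a log scan that reports the first successful login per user from an address range not seen before for that user. It assumes Dovecot's usual `imap-login: Login: user=<...>, ... rip=...` log line; the /24 and /48 grouping, the function names and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Successful-login line as written by Dovecot's imap-login / pop3-login processes.
LOGIN_RE = re.compile(
    r"(?:imap|pop3)-login: Login: user=<([^>]+)>.*?\brip=([0-9A-Fa-f:.]+)")

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    "Apr 22 09:01:12 mail dovecot: imap-login: Login: user=<alice@example.org>, "
    "method=PLAIN, rip=192.0.2.10, lip=198.51.100.1, mpid=4211, TLS, session=<aaaa>",
    "Apr 22 09:05:40 mail dovecot: imap-login: Login: user=<alice@example.org>, "
    "method=PLAIN, rip=192.0.2.77, lip=198.51.100.1, mpid=4230, TLS, session=<bbbb>",
    "Apr 22 11:30:02 mail dovecot: imap-login: Disconnected (auth failed, 3 attempts "
    "in 12 secs): user=<alice@example.org>, method=PLAIN, rip=203.0.113.9, TLS",
    "Apr 22 11:31:15 mail dovecot: imap-login: Login: user=<alice@example.org>, "
    "method=PLAIN, rip=203.0.113.9, lip=198.51.100.1, mpid=4302, TLS, session=<dddd>",
]

def network_of(ip, v4_prefix=24, v6_prefix=48):
    """Map an address to its enclosing range (prefix lengths are assumptions)."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))

def find_unusual_logins(lines, baseline=None):
    """Return (user, ip, network) for logins from a range new to that user."""
    seen = defaultdict(set)  # user -> ranges already known for that user
    for user, nets in (baseline or {}).items():
        seen[user.lower()].update(nets)
    alerts = []
    for line in lines:
        m = LOGIN_RE.search(line)
        if not m:
            continue  # failed auth, disconnects and other services are ignored
        user, rip = m.group(1).lower(), m.group(2)
        try:
            net = network_of(rip)
        except ValueError:
            continue  # malformed address field
        # A user's first range seeds the baseline silently; later new ranges alert once.
        if seen[user] and net not in seen[user]:
            alerts.append((user, rip, net))
        seen[user].add(net)
    return alerts

if __name__ == "__main__":
    for user, ip, net in find_unusual_logins(SAMPLE_LOG):
        print(f"ALERT {user}: login from new range {net} (rip={ip})")
```

Passing a `baseline` built from older logs avoids the silent seeding of each user's first range.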
