Recommendations on intrusion prevention/detection?

Plutocrat plutocrat at gmail.com
Thu Apr 23 04:57:17 EEST 2020


On 22/04/2020 20.29, Johannes Rohr wrote:
> Is there a reasonable way of detecting and preventing logins from
> unusual IP ranges? Or are there other strategies you would recommend?

I'd generally set up a short ban on logins originally, and then a second, longer ban for 'repeat offenders'. You basically look through the fail2ban log, and if an IP has been banned, say, 5 times in 24 hours, then you ban it for a much longer time.

Here's one example. There are others. 
https://github.com/mitchellkrogza/Fail2Ban-Blacklist-JAIL-for-Repeat-Offenders-with-Perma-Extended-Banning

P.
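
The repeat-offender check described in the message above, as an added example (not part of the original post or of the linked project): it counts Ban events per IP in a sliding 24-hour window over fail2ban.log lines. It assumes fail2ban's default log line layout and chronological order; the sample lines, addresses and the skip_jails parameter are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in fail2ban.log layout; addresses are documentation ranges.
SAMPLE_LOG = """\
2020-04-22 01:00:00,101 fail2ban.actions [812]: NOTICE [dovecot] Ban 203.0.113.7
2020-04-22 01:10:00,553 fail2ban.actions [812]: NOTICE [dovecot] Unban 203.0.113.7
2020-04-22 03:00:00,101 fail2ban.actions [812]: NOTICE [dovecot] Ban 198.51.100.20
2020-04-22 06:00:00,101 fail2ban.actions [812]: NOTICE [dovecot] Ban 203.0.113.7
2020-04-22 11:00:00,101 fail2ban.actions [812]: NOTICE [postfix-sasl] Ban 203.0.113.7
2020-04-22 15:00:00,101 fail2ban.actions [812]: NOTICE [dovecot] Ban 198.51.100.20
2020-04-22 18:00:00,101 fail2ban.actions [812]: NOTICE [dovecot] Ban 203.0.113.7
2020-04-22 23:30:00,101 fail2ban.actions [812]: NOTICE [dovecot] Ban 203.0.113.7
2020-04-23 09:00:00,101 fail2ban.actions [812]: NOTICE [dovecot] Ban 198.51.100.20
2020-04-23 16:00:00,101 fail2ban.actions [812]: NOTICE [dovecot] Ban 198.51.100.20
2020-04-24 02:00:00,101 fail2ban.actions [812]: NOTICE [dovecot] Ban 198.51.100.20
"""

# Matches only fresh "Ban" events; "Unban" and "Restore Ban" lines do not match.
BAN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+fail2ban\.actions\s+\[\d+\]:\s+"
    r"NOTICE\s+\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>\S+)\s*$"
)

def repeat_offenders(log_text, threshold=5, window=timedelta(hours=24), skip_jails=()):
    """Return {ip: time of the ban that reached `threshold` bans inside `window`}."""
    recent = defaultdict(deque)   # ip -> ban timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = BAN_RE.match(line)
        # skip_jails: name your long-ban jail here so its own bans are not counted
        if not m or m["jail"] in skip_jails:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] >= window:   # drop bans that aged out of the window
            q.popleft()
        if len(q) >= threshold and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged

if __name__ == "__main__":
    for ip, when in repeat_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the repeat-offender threshold at {when}")
```

The second address in the sample is also banned five times, but spread over two days, so it never has five bans inside one 24-hour window and is not flagged.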


More information about the dovecot mailing list