banning, was Re: Non-user logins?

Dave McGuire mcguire at neurotica.com
Sat Jan 8 16:22:30 UTC 2022


On 1/8/22 8:26 AM, dc-ml at dvl.werbittewas.de wrote:
>> trying to mess with other peoples' stuff.  I run fail2ban to catch those
>> log entries and block the source IP address for a month on the first
>> failed login.  At any one time I have between 12,000 and 15,000
> 
> well, I don't know how _your_ users are connected to the internet, but
> in germany most people has at least daily changing IPs out of larger
> pools (when connected via xDSL) or even sometimes shares ip-addresses
> with others (when connected via tv-cable or mobile - having a private
> network-address, which is natted), so it's possible to get/use an IP,
> which was used before by some script-kiddies...

   Obviously.  However, my users are nearly all on static IP addresses.

> btw.: setting up a new mail-client and making any mistake by reading it
> from old install or writing it into new install also leads to a
> months-blocking with above restrictive handling...
> (any may drive this user mad)

   Again, "obviously".  May mail server is not new; I was not the OP on 
this thread who came here looking for help.

> so anyone, who has no experience with blocking should be really careful
> with it.

   That's good advice for everything, not just blocking.  My first 
experience with blocking was on a Cisco AGS in 1994, buddy.  Not a n00b.

           -Dave

-- 
Dave McGuire, AK4HZ
New Kensington, PA


More information about the dovecot mailing list