ot: how to block persistent same invalid account, different IPs


Joseph Tam-2
"Voytek Eymont" <[hidden email]>

> I've installed fail2ban, it seems to be working as it identified my failed
> test logins, BUT, my question is:
>
> what can I do when I see same invalid name trying to login to dovecot,
> different IP each time, how can I say block each IP as used by this name?

If each IP is only used once in a long while, what would be the point?

In general, distributed attacks are very hard to stop if you have a
default accept stance.  I've observed that most of the attacks to my site
are from the enormous Chinese state-owned public network superblocks.
I finally got sick of them so I now spiral these IMAP/POP connections
into the Schwarzschild radius of my firewall.

It's a prophylactic measure and not a reactive system like fail2ban, and
may not work for you if you got road warriors that frequent that part
of the world.  However, it did get rid of a metric ton of BFD connections.

Joseph Tam <[hidden email]>
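
An added example, not part of the original message: fail2ban counts failures per IP, so a name tried once from each of many addresses never crosses its threshold. This sketch groups Dovecot "auth failed" lines by username instead and shows which networks the sources fall into. The function name, the thresholds and the sample log lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample lines in the style of Dovecot login-process logs (not real traffic).
SAMPLE_LOG = """\
Jan 12 03:14:07 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<info>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.1, TLS
Jan 12 03:20:41 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 4 secs): user=<info>, method=PLAIN, rip=203.0.113.77, lip=192.0.2.1
Jan 12 03:31:02 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<info>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.1, TLS
Jan 12 03:45:19 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 3 secs): user=<info>, method=PLAIN, rip=203.0.113.140, lip=192.0.2.1, TLS
Jan 12 08:02:55 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=192.0.2.50, lip=192.0.2.1, TLS
Jan 12 08:03:10 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.50, lip=192.0.2.1, mpid=4242, TLS
"""

# Failed IMAP/POP3 logins: capture the attempted username and the remote IP (rip=).
FAILED = re.compile(
    r"dovecot: (?:imap|pop3)-login: .*auth failed.*?user=<([^>]*)>.*?rip=([0-9a-fA-F.:]+)"
)

def distributed_failures(log_text, min_ips=3, v4_prefix=24, v6_prefix=48):
    """Return {username: {network: distinct_ip_count}} for names that failed
    from at least min_ips different addresses (hypothetical helper)."""
    ips_by_user = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m or not m.group(1):
            continue  # not a failed login, or no username was sent
        try:
            ips_by_user[m.group(1)].add(ipaddress.ip_address(m.group(2)))
        except ValueError:
            continue  # malformed rip= value
    report = {}
    for user, ips in ips_by_user.items():
        if len(ips) < min_ips:
            continue  # few sources: per-IP banning already covers this case
        nets = Counter()
        for ip in ips:
            plen = v4_prefix if ip.version == 4 else v6_prefix
            nets[str(ipaddress.ip_network(f"{ip}/{plen}", strict=False))] += 1
        report[user] = dict(nets)
    return report

if __name__ == "__main__":
    for user, nets in distributed_failures(SAMPLE_LOG).items():
        for net, count in sorted(nets.items(), key=lambda kv: -kv[1]):
            print(f"{user}: {count} source IP(s) in {net}")
```

The per-network counts show whether the sources cluster into a few blocks that a firewall rule could cover, or are spread too thinly for that to help.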