On 20.07.2017 at 20:03, mj wrote:
> Hi Robert,
>
>> I don't understand why you focused on those ldap strings
>> fail2ban should trigger on some "Authentication failure" regex in the
>> related syslog
>>
>> perhaps this will help to make it more clear
>>
>> http://www.stefan-seelmann.de/wiki/fail2ban#postfix-and-dovecot
>
> Yes, but I have that as well. :-)
>
> I wanted two kinds of blockings:
>
> #1: Everybody trying the well-known passwords (password, 123321, 1q2w3e,
> etc, etc) to become blocked *immediately* and for *always*.
>
> #2: I wanted all others to have the 'regular' settings, with three
> shots at typing a password, etc.
>
> #2 being the 'regular fail2ban' settings, but during this attack, I
> wanted special settings, #1, for anyone trying one of the malicious
> passwords.
>
> I did NOT want them to have the usual three opportunities to try.
>
> In fact: this is a bit similar to your iptables solution, but that only
> works for non-ssl/non-tls connections.
>
> Your iptables solution makes sure that they cannot authenticate *at all*,
> while the above solution makes sure they can only authenticate *once*.
>
> MJ

Ok I understand, not a bad idea, report how it works for you

Best Regards
Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München

Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein