On 21/07/2017 04:03, mj wrote:
Hi Robert,
i dont understand why you focused on that ldap strings
fail2ban should trigger on some "Authentication failure" regex in the
related syslog
perhaps this will help to make it more clear
http://www.stefan-seelmann.de/wiki/fail2ban#postfix-and-dovecot
Yes, but I have that as well. :-)
I wanted two kinds of blockings:
#1: Everybody trying the well-known passwords (password, 123321, 1q2w3e,
etc, etc) to become blocked *immediately* and for *always*.
This can be very tricky at times and you may actually hit quite a few
legit users who are using weak passwords and have forgotten / mistyped
them by accident. Seen this enough times and the amount of support
required to make a sloppy & lazy customer happy again isn't always
trivial. If they're few and far apart you can live with it, otherwise
you'll have to reevaluate it :)
Adi Pircalabu
