mj <li...@merit.unu.edu> wrote:
- for external users, to ONLY be allowed to use an application specific
password. (or username and password, fine as well)
Step one: making ldap password authentication valid only from our
internal network. I though: using allow_nets=192.168.1.0/24 for that passdb
But I can't get that to work. :-( Unsure where exactly to define the
allow_nets, tried many variations on the theme already.
Perhaps someone can help with the step one, and also tell me if the
approach outlined above is smart, valid and do-able in dovecot.
As per my post: checkpassword. You can then use one password on Mondays,
Wednesdays, and Fridays, alternate passwords on Tuesdays and Thursday
fetched from a rot-13 database, and only from prime numbered IP addresses
on weekends, if that's what you want.
Gary Sellani <li...@lazygranch.com> writes:
Not applicable to most installations, but I use geographical filtering
on all ports other than 25. Fine if you are the only user of the email
system.
If you're the only user, moving the IMAP/POP service to a nonstandard port
will do most of that with much less bother, and you won't lock yourself
out, requiring a ssh/edit firewall/reconnect. Been there, done that.
I get one hacker a week trying to guess passwords, and always from Digital
Ocean VPS.
ab...@digitalocean.com is fairly responsive. They usually nuke
them pretty quickly.
I would like to see statistics on the success of such brute force
attacks. They can't be very successful these days.
Even if the success rate is 0.00001%, you can do the arithmetic to see
that's still a huge number of accounts. But you're right, if you have
anything resembling a sensible password policy, they're just a log
bloating nuisance.
Joseph Tam <jtam.h...@gmail.com>
