On 11.04.2019 13:25, James via dovecot wrote:
> On 11/04/2019 11:43, Marc Roos via dovecot wrote:
>> A. With the fail2ban solution
>> - you 'solve' that the current ip is not able to access you
>
> It is only a solution if there are subsequent attempts from the same
> address. I currently have several thousand addresses blocked due to
> dovecot login failures. My firewall is set to log these so I can see
> that few repeat, those that do repeat have intervals of >1 week.
> Blocking these has minimal effect (other than to clog fail2ban and the
> firewall).
>
>> - it will continue bothering other servers and admins
>
> Which is why a dnsbl for dovecot is a good idea. I do not believe the
> agents behind these login attempts are only targeting me, hence the
> addresses should be shared via a dnsbl.

Probably there's an existing solution for both problems (subsequent
attempts and dnsbl):
https://github.com/PowerDNS/weakforced
It was also discussed recently on this list:
https://www.dovecot.org/list/dovecot/2019-March/114921.html
Has already been on my personal todo list for some time, so I have no
experience how (good) it actually works.
Best,
Anton
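
A way to measure on your own logs how many attempts a per-address ban would actually stop, the question James raises above. This is an added example, not code from the thread, fail2ban or weakforced. The log lines are constructed, and the ISO timestamp prefix, `replay_bans` and its `max_retry`/`find_time`/`ban_time` parameters are assumptions for this simplified replay.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not from the thread). "auth failed" and "rip="
# follow Dovecot's login log style; the ISO timestamp prefix is an assumption.
SAMPLE_LOG = """\
2019-03-01T08:00:00 imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<a>, rip=203.0.113.5
2019-03-01T08:00:40 imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<b>, rip=203.0.113.5
2019-03-01T08:05:00 imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<c>, rip=203.0.113.5
2019-03-10T08:00:00 imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<a>, rip=203.0.113.5
2019-03-02T10:00:00 imap-login: Disconnected (auth failed, 1 attempts in 3 secs): user=<a>, rip=198.51.100.7
2019-03-12T10:00:00 imap-login: Disconnected (auth failed, 1 attempts in 3 secs): user=<a>, rip=198.51.100.7
2019-03-03T09:00:00 imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<c>, rip=192.0.2.44
2019-03-03T09:30:00 imap-login: Login: user=<c>, rip=192.0.2.44
"""

FAIL_RE = re.compile(r"^(\S+) .*auth failed.*\brip=([0-9A-Fa-f:.]+)")

def failures_by_ip(log_text):
    """Map each remote IP to its sorted list of failed-login timestamps."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            seen[m.group(2)].append(datetime.fromisoformat(m.group(1)))
    return {ip: sorted(ts) for ip, ts in seen.items()}

def replay_bans(log_text, max_retry, find_time, ban_time):
    """Return (bans issued, attempts a ban would have blocked, total failures)."""
    bans = blocked = total = 0
    for times in failures_by_ip(log_text).values():
        window, banned_until = [], None
        for t in times:
            total += 1
            if banned_until and t < banned_until:
                blocked += 1          # arrived while the address was banned
                continue
            # keep only failures still inside the counting window
            window = [w for w in window if t - w <= find_time] + [t]
            if len(window) >= max_retry:
                banned_until, window = t + ban_time, []
                bans += 1
    return bans, blocked, total

if __name__ == "__main__":
    for days in (1, 14):
        print(days, replay_bans(SAMPLE_LOG, 2, timedelta(minutes=10), timedelta(days=days)))
```

The replay only makes sense on logs collected where the failures were still recorded, for example firewall logs of blocked connections or a period without banning.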