I have PFSense too and it rocks!
> On Apr 22, 2020, at 14:52, byal...@yahoo.com.br wrote:
>
> Usually I use pfsense as main firewall with snort blocking all kind of scans
> and others.
>
> Fail2ban triggering after 3 unsuccessful tries and for last iptables if Linux
> or ipfw If Freebsd
>
> Keep pfsense synced with intrusion lists is an must have.
>
> And for last, bans are not temporary on my setup, are forever, except if an
> real user after validate his info / data calls to unblock him.
>
> There's some guides around about deal with post screen, but never get that
> working... RBL and spamhaus lists on mail server and on DNS are another must
> have.
>
> Good luck
>
> Atenciosamente,
>
>
>
>
> Alexandre Fernandes Pedrosa
>
>
> -------
> Visite: https://alexandrepedrosa.com
>
>
> PGP Key: https://alexandrepedrosa.com/keys/0xE830E3336A873BE6.asc
>
> Fingerprint: 4D63 0DEC FDA4 A8D3 DF75 94DB E830 E333 6A87 3BE6
>
>
> Esta mensagem incluindo seus anexos tem caráter confidencial e seu conteúdo
> restrito ao destinatário da mensagem. Se você recebeu esta mensagem por
> engano, queira por favor retornar o e-mail e apagá-la de seus arquivos.
>
> Qualquer uso não autorizado ou disseminação desta mensagem ou parte dela é
> expressamente proibido.
>
>
> Note: "The contents of this e-mail are confidential and may be privileged.
>
> This e-mail is intended for the exclusive use of the addressee(s) state under.
>
> If you are not the intended addressee, please contact us immediately and
> delete this message from your computer, you should not copy this e-mail or
> disclose its contents to any other person."
>
> Em 22 de abr de 2020 09:29, Johannes Rohr <johan...@rohr.org> escreveu:
> Dear all,
>
> what are the key strategies for intrusion prevention and detection with
> dovecot, apart from installing fail2ban?
> It is a pity that the IMAP protocol does not support 2 factor
> authentication, which seems to stop 90% of intrusion attempts in their
> tracks. Without it, if someone has obtained your password and reads your
> mail without modifying it, you will hardly ever notice.
>
> Is there a reasonable way of detecting and preventing logins from
> unusual IP ranges? Or are there other strategies you would recommend?
>
> Cheers,
>
> Johannes
>
>
>
>
