On 1/8/22 8:26 AM, dc...@dvl.werbittewas.de wrote:
trying to mess with other peoples' stuff. I run fail2ban to catch those
log entries and block the source IP address for a month on the first
failed login. At any one time I have between 12,000 and 15,000
well, I don't know how _your_ users are connected to the internet, but
in germany most people has at least daily changing IPs out of larger
pools (when connected via xDSL) or even sometimes shares ip-addresses
with others (when connected via tv-cable or mobile - having a private
network-address, which is natted), so it's possible to get/use an IP,
which was used before by some script-kiddies...
Obviously. However, my users are nearly all on static IP addresses.
btw.: setting up a new mail-client and making any mistake by reading it
from old install or writing it into new install also leads to a
months-blocking with above restrictive handling...
(any may drive this user mad)
Again, "obviously". May mail server is not new; I was not the OP on
this thread who came here looking for help.
so anyone, who has no experience with blocking should be really careful
with it.
That's good advice for everything, not just blocking. My first
experience with blocking was on a Cisco AGS in 1994, buddy. Not a n00b.
-Dave
--
Dave McGuire, AK4HZ
New Kensington, PA
