On 07.03.25 at 10:46, Marco Moock via mailop wrote:
> On 06.03.2025 at 15:27:54, mailop--- via mailop wrote:
>> 6. If auth failed it drops message, but says it was delivered
> […]
> Slowing down stuff is also nasty in my opinion. I use fail2ban and if
> too many failed login attempts are being logged, the IP will be banned
> for some hours.

So you're not using IPv6 yet? Facing a /64, how many failures of
a single IP should trigger a ban? For v4, sure, after 3 failures
blocking that v4 address for 86400 secs is kind of ok-ish. But
with v6, 3 failures per /56 should cause a block of that /56,
optionally even the /48. And I don't see that implemented in
fail2ban. I think with v6, new approaches are needed, and good old
tarpitting might be one of them. (OTOH, after 65k connections one
runs out of local sockets, thus maybe tarpitting isn't such a good
idea with IPv6 after all ...)
Ciao,
-kai
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
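
The per-prefix counting raised in the message above, as an added example that is not part of the original thread and not fail2ban code: failed logins are counted per IPv4 address or per IPv6 /56, with an optional widening to the /48. The names `ban_key`, `PrefixBanner` and `replay`, the 10-minute counting window, the rule for widening to the /48, and the sample addresses (documentation ranges) are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

MAX_FAILURES, BAN_SECONDS = 3, 86400  # figures from the message
FIND_WINDOW = 600   # assumption: only failures in the last 10 minutes count
V6_PREFIX, V6_WIDE = 56, 48           # count per /56, optionally widen to /48
WIDE_AFTER = 2      # assumption: banned /56s inside one /48 before widening

def ban_key(addr):
    """Map a client address to the network that is counted and banned."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped:   # ::ffff:a.b.c.d is really IPv4
        ip = ip.ipv4_mapped
    prefix = 32 if ip.version == 4 else V6_PREFIX
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

class PrefixBanner:
    def __init__(self):
        self.failures = defaultdict(list)    # network -> failure timestamps
        self.banned = {}                     # network -> ban expiry time

    def is_banned(self, addr, now):
        host = ban_key(addr).network_address  # normalised; same membership
        return any(host in net and until > now
                   for net, until in self.banned.items())

    def record_failure(self, addr, now):
        """Count one failed login; return the newly banned network or None."""
        key = ban_key(addr)
        recent = [t for t in self.failures[key] if now - t < FIND_WINDOW] + [now]
        self.failures[key] = recent
        if len(recent) < MAX_FAILURES:
            return None
        self.banned[key] = now + BAN_SECONDS
        if key.version == 6:
            wide = key.supernet(new_prefix=V6_WIDE)
            live = [n for n, until in self.banned.items() if until > now
                    and n.version == 6 and n.prefixlen == V6_PREFIX
                    and n.subnet_of(wide)]
            if len(live) >= WIDE_AFTER:       # several /56s of one /48 banned
                self.banned[wide] = now + BAN_SECONDS
                return wide
        return key

# Constructed sample: (seconds, client address) of failed logins.
SAMPLE = [(0, "2001:db8:aa:1101::1"), (10, "2001:db8:aa:11ff::beef"),
          (20, "2001:db8:aa:1142:1::7"), (30, "192.0.2.10"),
          (40, "2001:db8:aa:2200::1"), (50, "2001:db8:aa:2201::1"),
          (60, "2001:db8:aa:22ff::1")]

def replay(events):
    banner = PrefixBanner()
    bans = [(t, str(n)) for t, a in events
            if (n := banner.record_failure(a, t)) is not None]
    return banner, bans
```

Three failures from three different addresses inside one /56 trigger a ban here, which per-address counting would never reach.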