On 08/03/2025 04:13, Kai 'wusel' Siering via mailop wrote:
Am 07.03.25 um 10:46 schrieb Marco Moock via mailop:
Am 06.03.2025 um 15:27:54 Uhr schrieb mailop--- via mailop:
6. If auth failed it drops message, but says it was delivered
Slowing down stuff is also nasty in my opinion. I use fail2ban and if
too many failed login attempts are being logged, the IP will be banned
for some hours.
So you're not using IPv6 yet? Facing a /64, how many failures of
a single IP should trigger a ban? For v4, sure, after 3 failures
blocking that v4 address for 86400 secs is kind of ok-ish. But
with v6, 3 failures per /56 should cause a block of that /56,
optionally even the /48. And I don't see that implemented in
fail2ban.
I read that since v0.10 fail2ban supports the matching of IPv6
addresses. I don't use it, so I don't know how it works.
Ipqbdb, which is somewhat similar to fail2ban, but fuzzier, extends IPv6
ranges dynamically, according to frequency and severity.
Best
Ale
--
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
