Hi
Or use allow_nets (geoip) for dovecot-auth (in mysql) and fail2ban
or
ipset + hashlimit + geoip
or 2fa - It's a bit of fun in configurations
W dniu 25.04.2022 o 12:44, Ludi Cree pisze:
Hi,
Even if fail2ban is “whack a mole”, you could also feed the data on auth
spammers to an abuse-compaint script, and do your part to make the internet a
little cleaner.
And we all know how fabulously well abuse reports have worked with preventing
spam, don't we !!
As I said. Fail2ban is a waste of time whack-a-mole. Sure your logs might be
quieter, but quieter logs does not equal better security !
On a busy gateway fail2ban can easily make the difference between totally
unusable logs and constant high load from brute-forcers - or very well usable
logs and low load from brute-forcers.
It must not be mistaken as a security solution. Fail2ban is a measurement to
significantly reduce the noise.
Abuse reports is a different topic. They are useless if brute-forcers use
facilities friendly to criminals.
Even Gmail does not honor abuse reports, making it the #1 nigeria spam hosting
company.
Greets,
Ludi
--
