One more important thing is to educate the users not to click on any unknown links, because many a time spammers get hold of the account by way of phishing emails.
Fail2ban works in case there are brute force attempts, but if the password is valid then the server will authenticate.

On Mon, Apr 25, 2022 at 12:38 PM Laura Smith <n5d9xq3ti233xiyif...@protonmail.ch> wrote:

> ------- Original Message -------
> On Monday, April 25th, 2022 at 05:26, ミユナ <al...@coakmail.com> wrote:
>
> > do you know how to stop passwords from being brute-forced for a
> > mailserver? do you have any practical guide?
>
> Simple. You've got two options:
>
> a) Use strong passwords (and if you run an automated password changing
> system, enforce strong passwords)
>
> b) Use client-certificate authentication
>
> Stuff like fail2ban is for the lazy. You should be focusing on solving the
> underlying cause of the problem, i.e. using one of the two options above.
>
> The problem with stuff like fail2ban is that you are basically playing
> whack-a-mole. IP address blocking simply does not work in 2022, attackers
> have too many options (i.e. they can hop between cloud providers, they can
> use IPv6 to give them massive ranges to play with etc. etc.).