under some kind of attack
Robert Schetterer
rs at sys4.de
Thu Jul 20 21:47:45 EEST 2017
On 20.07.2017 at 20:03, mj wrote:
> Hi Robert,
>
>> I don't understand why you focused on those ldap strings
>> fail2ban should trigger on some "Authentication failure" regex in the
>> related syslog
>>
>> perhaps this will help to make it more clear
>>
>> http://www.stefan-seelmann.de/wiki/fail2ban#postfix-and-dovecot
>
> Yes, but I have that as well. :-)
>
> I wanted two kinds of blockings:
>
> #1: Everybody trying the well-known passwords (password, 123321, 1q2w3e,
> etc, etc) to become blocked *immediately* and for *always*.
>
> #2: I wanted all others to have the 'regular' settings, with three
> shots at typing a password, etc.
>
> #2 being the 'regular fail2ban' settings, but during this attack, I
> wanted special settings, #1, for anyone trying one of the malicious
> passwords.
>
> I did NOT want them to have the usual three opportunities to try.
>
> In fact: this is a bit similar to your iptables solution, but that only
> works for non-ssl/non-tls connections.
>
> Your iptables solution makes sure that they cannot authenticate *at all*,
> while the above solution makes sure they can only authenticate *once*.
>
> MJ
OK, I understand. Not a bad idea; report how it works for you.
Best Regards
Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München
Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
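
The two-tier policy discussed in this thread (#1 immediate permanent block for well-known passwords, #2 the regular three attempts), as an added example that is not part of the original posts or of fail2ban. The log line format, the sample entries and the names `decide_bans`, `KNOWN_BAD` and `FAILURE` are assumptions made for illustration, and the time window a real jail would apply is left out.

```python
import re
from collections import defaultdict

# Assumption: the auth log records client IP and attempted password.
# This line format is constructed for the example; such logs hold
# password guesses and typos, so keep them access-restricted.
FAILURE = re.compile(
    r"auth: \w+\((?P<user>[^,]*),(?P<ip>[0-9a-fA-F.:]+)\): "
    r"invalid credentials \(given password: (?P<pw>.*)\)$"
)
KNOWN_BAD = {"password", "123321", "1q2w3e"}  # examples named in the thread
MAX_RETRY = 3                                  # the 'regular' three attempts


def decide_bans(lines, known_bad=KNOWN_BAD, max_retry=MAX_RETRY):
    """Return {ip: 'permanent' | 'regular'} for each IP that gets banned."""
    failures = defaultdict(int)
    bans = {}
    for line in lines:
        m = FAILURE.search(line.rstrip("\n"))
        if not m:
            continue                      # success or unrelated line
        ip = m.group("ip")
        if m.group("pw") in known_bad:
            bans[ip] = "permanent"        # rule #1: first hit, no retries
            continue
        failures[ip] += 1
        if failures[ip] >= max_retry:
            bans.setdefault(ip, "regular")  # rule #2: never downgrades #1
    return bans


# Constructed sample log (documentation IP ranges, made-up users).
P = "Jul 20 20:01:0{} mail dovecot: auth: ldap({},{}): invalid credentials (given password: {})"
SAMPLE_LOG = [
    P.format(1, "alice", "203.0.113.7", "123321"),     # known-bad, 1st try
    P.format(2, "bob", "198.51.100.20", "Sumer2017"),  # typo, 1 of 3
    P.format(3, "bob", "198.51.100.20", "Summer2017"), # typo, 2 of 3
    P.format(4, "carol", "192.0.2.55", "a"),
    P.format(5, "carol", "192.0.2.55", "b"),
    P.format(6, "carol", "192.0.2.55", "c"),           # 3rd failure
    P.format(7, "dave", "198.51.100.99", "oops"),
    P.format(8, "dave", "198.51.100.99", "1q2w3e"),    # known-bad on 2nd try
    "Jul 20 20:01:09 mail dovecot: imap-login: Login: user=<erin>",
]

if __name__ == "__main__":
    for ip, kind in decide_bans(SAMPLE_LOG).items():
        print(ip, kind)
```

In fail2ban terms, rule #1 corresponds to a separate jail with `maxretry = 1` whose filter matches only the listed passwords, alongside the regular jail for rule #2.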