On Tue, 18 Jul 2017, dovecot-request at dovecot.org wrote:
> Thanks for the quick follow-ups! Much appreciated. After posting this, I
> immediately started working on fail2ban. And between my initial posting
> and now, fail2ban already blocked 114 IPs.
>
> I have fail2ban with maxretry=1 and bantime=1800
>
> However, it seems almost all IPs are different, and I don't think I can
> keep the above settings permanently.
Why not? Limited by firewall rules overload? You could probably use
a persistent DB, can't you?
You can also use a third party RBL that specialized in brute forcers like
blocklist.de. You can also feed back fail2ban data and crowdsource BFD
data to them.
Joseph Tam <jtam.home at gmail.com>