On 07/26/2017 10:01 PM, Joseph Tam wrote:> Olaf Hopp <Olaf.Hopp at kit.edu> wrote:
>
>> And I have a new one just for "unknown user" and here my
bantime and findtime
>> are much bigger and the retries are just '2'. So here I'm
much harsher.
>> I'll keep an eye on my logs and maybe some more twaeking is
necessary.
>
> Just be careful about typos (like twaeking!): users could simply misspell
> their username, or get mixed up with some another account or alias.
> This is why I favour targetting known bad accounts, not merely accounts
> that don't exist.
Joseph,
but how often do you have to type your username ?
Only on the initial config of your mailer. After that
you are done. Exception is my webmail server.
But that IP is of course on the "ignoreip" list of fail2ban.
Otherwise it would be very easy to trigger a DOS without
much effort.
So this is why I decided to use two distinct jails with
different policies. It seems to work reasonable well.
Regards, Olaf
--
Karlsruher Institut f?r Technologie (KIT)
ATIS - Abt. Technische Infrastruktur, Fakult?t f?r Informatik
Dipl.-Geophys. Olaf Hopp
- Leitung IT-Dienste -
Am Fasanengarten 5, Geb?ude 50.34, Raum 009
76131 Karlsruhe
Telefon: +49 721 608-43973
Fax: +49 721 608-46699
E-Mail: Olaf.Hopp at kit.edu
atis.informatik.kit.edu
www.kit.edu
KIT ? Die Forschungsuniversit?t in der Helmholtz-Gemeinschaft
Das KIT ist seit 2010 als familiengerechte Hochschule zertifiziert.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5304 bytes
Desc: S/MIME Cryptographic Signature
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20170727/e37c234e/attachment-0001.p7s>