does anyone know of a linux module (maybe similar to fail2ban) that could be installed which would monitor email logs (sign ins) and alert the user to any suspicious activity on their account? i suspect it would need to log geo location, device type and ip address to a database. it seems like a module like this would be very useful and should exist already? thanks in advance
> On 19 Dec 2017, at 10:13, Matthew Broadhead <matthew.broadhead at nbmlaw.co.uk> wrote: > > does anyone know of a linux module (maybe similar to fail2ban) that could be installed which would monitor email logs (sign ins) and alert the user to any suspicious activity on their account?Fail2ban can protect email logins. Alerting a user because random IP in Korean Middle School tried to login seems no helpful.> i suspect it would need to log geo location, device type and ip address to a database. it seems like a module like this would be very usefulHow? Blacklist failed logins. That protects everyone and doesn't induce panic. -- Apple broke AppleScripting signatures in Mail.app, so no random signatures.
On Tue, 19 Dec 2017 17:13:10 +0000 Matthew Broadhead <matthew.broadhead at nbmlaw.co.uk> wrote:> does anyone know of a linux module (maybe similar to fail2ban) that > could be installed which would monitor email logs (sign ins) and > alert the user to any suspicious activity on their account? i > suspect it would need to log geo location, device type and ip address > to a database. it seems like a module like this would be very useful > and should exist already? thanks in advancehttps://github.com/PowerDNS/weakforced -- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org
> On December 20, 2017 at 12:29 PM Marcus Rueckert <darix at opensu.se> wrote: > > > On Tue, 19 Dec 2017 17:13:10 +0000 > Matthew Broadhead <matthew.broadhead at nbmlaw.co.uk> wrote: > > > does anyone know of a linux module (maybe similar to fail2ban) that > > could be installed which would monitor email logs (sign ins) and > > alert the user to any suspicious activity on their account? i > > suspect it would need to log geo location, device type and ip address > > to a database. it seems like a module like this would be very useful > > and should exist already? thanks in advance > > https://github.com/PowerDNS/weakforced > > -- > openSUSE - SUSE Linux is my linux > openSUSE is good for you > www.opensuse.orgYou could use weakforced with dovecot's auth policy https://wiki2.dovecot.org/Authentication/Policy Aki