Joseph Tam
2017-Dec-22 21:38 UTC
ot: how to block persistent same invalid account, different IPs
"Voytek Eymont" <voytek at sbt.net.au>

> I've installed fail2ban, it seems to be working as it identified my failed
> test logins, BUT, my question is:
>
> what can I do when I see same invalid name trying to login to dovecot,
> different IP each time, how can I say block each IP as used by this name ?

If each IP is only used once in a long while, what would be the point?

In general, distributed attacks are very hard to stop if you have a default accept stance. I've observed that most of the attacks to my site are from the enormous Chinese state-owned public network superblocks. I finally got sick of them so I now spiral these IMAP/POP connections into the Schwarzschild radius of my firewall.

It's a prophylactic measure and not a reactive system like fail2ban, and may not work for you if you got road warriors that frequent that part of the world. However, it did get rid of a metric ton of BFD connections.

Joseph Tam <jtam.home at gmail.com>
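An added example, not part of the original post or of either poster's setup: a log summary that shows, per targeted account, whether any single IP fails often enough for a per-IP ban to fire, and which networks the sources cluster in. The log lines are constructed in the style of Dovecot login failures; the /24 grouping, the `maxretry=3` default and the function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines, modelled on Dovecot login-failure log entries.
SAMPLE_LOG = """\
Dec 22 10:01:02 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<info>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10, TLS
Dec 22 11:14:40 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<info>, method=PLAIN, rip=203.0.113.77, lip=192.0.2.10, TLS
Dec 22 12:30:09 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<info>, method=PLAIN, rip=203.0.113.200, lip=192.0.2.10
Dec 22 13:45:51 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<info>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.10, TLS
Dec 22 14:00:00 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob>, method=PLAIN, rip=192.0.2.44, lip=192.0.2.10, TLS
Dec 22 14:00:05 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob>, method=PLAIN, rip=192.0.2.44, lip=192.0.2.10, TLS
Dec 22 14:00:11 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob>, method=PLAIN, rip=192.0.2.44, lip=192.0.2.10, TLS
Dec 22 14:05:00 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.50, lip=192.0.2.10, TLS
"""

FAILED = re.compile(r"auth failed.*?user=<(?P<user>[^>]*)>.*?rip=(?P<rip>[0-9a-fA-F:.]+)")

def summarize(log_text, prefix_len=24):
    """Per user: distinct source IPs, worst single-IP count, IPs per network."""
    per_ip = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["rip"])
        except ValueError:  # malformed address in the log line
            continue
        per_ip[m["user"]][ip] += 1  # one matching line = one failure
    report = {}
    for user, ips in per_ip.items():
        nets = defaultdict(set)
        for ip in ips:
            plen = prefix_len if ip.version == 4 else 64
            nets[ipaddress.ip_network(f"{ip}/{plen}", strict=False)].add(ip)
        report[user] = {
            "distinct_ips": len(ips),
            "max_per_ip": max(ips.values()),
            "networks": {str(n): len(s) for n, s in nets.items()},
        }
    return report

def per_ip_ban_fires(entry, maxretry=3):
    """True only if some single IP reached the per-IP failure threshold."""
    return entry["max_per_ip"] >= maxretry

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the sample, `info` is hit once each from four addresses, so no per-IP threshold is reached, while three of those addresses share one /24; `bob` fails three times from one address, the case a per-IP ban does handle.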