David Guntner grabbed a keyboard and wrote: [Lots of fail2ban stuff] Well, holy cow! That's what I get for starting a conversation. :-) I'm not the type to just ask a question or answer replies and just sit there waiting, I start mucking around and googling more and stuff. Just discovered that fail2ban has *multiport* support for iptables - it can be set up to filter chains control more than one port with a single filter command.
I further discovered that the Dovecot website itself has filter and jail rules for fail2ban to work with its log entries. So yea, if I can set up a filter rule that says something along the lines of "if you see this, block traffic for that IP address on the following ports...", that will do the trick! Yay! :-) Now, if I can just figure out a way to get Dovecot to close the connection when there's too many bad attempts.... I'll have to do some more testing; maybe the fail2ban chain through iptables will close an existing connection as was suggested might be the case in another reply.... Ooooh, the possibilities! :-D --Dave
signature.asc
Description: OpenPGP digital signature