On 2017-12-22 13:23, Jeff Abrahamson wrote:
fail2ban isn't really the right tool to fight massive DDOS attacks.
On the other hand, you don't seem to have that problem, so things work
out maybe.
It's cleaner to know the future and ban the right things at the right
times, but is there real harm from people trying bad logins from
different IP's and you just wait for fail2ban to block each one? Your
log snippet covers 151 minutes, even fail2ban would normally have
unjailed ip's after that much time.
https://wiki2.dovecot.org/Authentication/Policy
https://github.com/PowerDNS/weakforced
works much better imho.
