On 2020-04-22 18:45, Sami Ketola wrote:
Actually by far the biggest source of stolen credentials is viruses/trojans harvesting them.
i tryed blacklist all ips that got passwords errors, but that ends in big shorewall blrules so i turn it over to just add whitelist into blrules where ips is known custommers that dont abuse server, that way my shorewall got alot smaller config files to read and no kids from outside can abuse logins that way, now i have maked php script that monitors where abusers is from without give them access to abused ports
and i have seen the trojans or malware reveal strong passwords loose aswell, the battle is only as strong as users using email programs
so for now i see no fails on logins anymore from the only whitelisted asn range of trusted custommers ips
i just hope there would be free simple policy server for doevecot not only for dovecot oy
we are in same boat all, dont let it sink
