On 16/09/2017 23:25, Stroller wrote:
>
>> On 16 Sep 2017, at 20:31, Alan McKinnon <alan.mckin...@gmail.com> wrote:
>>
>> As far as I'm aware (and could be wrong), sshguard is mostly just sshd
>> whereas fail2ban works on anything you can give it consistent logs for.
>
> I thought otherwise, but you appear to be right - SSHGuard appears to have
> only a handful of "signatures", so it looks like Fail2Ban it is.
>
> https://www.sshguard.net/docs/reference/attack-signatures/

I reckon too, you did say folding in IMAP would also be cool.

As a side note, I've just finished rolling out fail2ban here at work. It's a mobile provider and ISP with millions and millions of phones out there, and the owners have some very odd ideas on how mail works. Especially just how much mail coming from their individual phones I'm willing to relay (answer: not very much at all :-) )

Anyway, fail2ban went on the mail relays with strict rules as to number of connections etc etc. The amount of tweaking I had to make was minimal - just change some numbers. All the rules I needed were already there baked in, I just had to enable them and set the numbers. It even knew these are FreeBSD relays so the packet filter is pf.

It's such a pleasure to use a product built with real engineering in mind and does it right. fail2ban ticks that box for me.

--
Alan McKinnon
alan.mckin...@gmail.com