On 3/10/26 10:30, Ralph Seichter via Postfix-users wrote:
> * Gary R. Schmidt via Postfix-users:
>
>> Turn on postscreen and add fail2ban.
>
> Postscreen: yes! Fail2ban: That's a divisive subject.
> In my experience, Fail2ban can screw people over, causing a significant
> waste of time for users and admins. I don't think F2B is worth that.
> Strong passwords do a lot more good than IP-based blocking, and the more
> IPv6 use increases, the less useful F2B becomes anyway.
> I advise against Fail2ban, unless you are very conscious of how it might
> bite your and your users' bum.

I consider fail2ban worthwhile *used appropriately*. Which is to say,
to TEMPORARILY block IP addresses that are sourcing brute-force attacks
against a service (*any* service). If your fail2ban blocks are
permanent, or you're using it to block IPs you got mail from that you
considered spam, you're probably using it wrong.
--
Phil Stracchino
Fenian House Publishing
Landline: +1.603.293.8485
Mobile: +1.603.998.6958
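
The temporary-block usage described in the reply above, as an added example that is not part of the original thread: a `jail.local` override for fail2ban's stock `postfix-sasl` jail. The thresholds, ban times and the `ignoreip` ranges are illustrative assumptions, and `bantime.increment` needs fail2ban 0.11 or later.

```ini
# /etc/fail2ban/jail.local
# Added example; every value below is an illustrative assumption.

[postfix-sasl]
enabled  = true

# Only failures inside this window count towards a ban.
findtime = 10m

# Leave room for a real user mistyping a password a few times.
maxretry = 5

# Temporary block: the address is released automatically after one hour,
# so a locked-out user or a reassigned address recovers without an admin.
bantime  = 1h

# Sources that keep coming back get longer bans, capped at a finite maximum.
bantime.increment = true
bantime.maxtime   = 1d

# Never ban loopback or your own networks.
# 192.0.2.0/24 is a constructed documentation range; use your own.
ignoreip = 127.0.0.1/8 ::1 192.0.2.0/24

# The setting to avoid: a negative bantime makes every ban permanent.
# bantime = -1
```

After reloading fail2ban, `fail2ban-client status postfix-sasl` lists the addresses currently banned, which is the first place to look when a user reports being locked out.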