On Mon, 6 Jul 2020 at 10:34, Robert Chalmers (Author) <racu...@gmail.com> wrote: > I’m getting lots and lots of these types of login attempts; > and I’m wondering if there is someway - other than what I have - of blocking > them, or automatically adding their IP to a <badhosts> list that I have for > pfctl.
I also use Dovecot for sasl-authing submission on Postfix and I just recently implemented this using fail2ban (that uses firewalld). Fail2ban seemed like a large piece of software for a simple job at first, but it was okay after looking at it only for an hour or so, and I did get it working very easily. It has pre-configured filters for e.g dovecot and postfix-sasl. I also configured it to check sshd as that gets scanned a lot. It also handles delisting which would be much harder to implement with one's custom script. Regards, Simo
