-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 25 Mar 2009, dove...@corwyn.net wrote:
That being said, it's now up and running and blocking ssh, dovecot, postfix,
and squirrelmail traffic. I created separate filters for dovecot, postfix,
and squirrelmail, and then added those sections
At 05:18 PM 3/19/2009, Ed W wrote:
WJCarpenter wrote:
Is there any option available for me to help inhibit/prevent
brute-force login attempts?
I (and many others) use fail2ban. It works outside of dovecot, et
al, by tailing your log files. When it finds a configurable
Took me a while
WJCarpenter wrote:
Is there any option available for me to help inhibit/prevent
brute-force login attempts?
I (and many others) use fail2ban. It works outside of dovecot, et al,
by tailing your log files. When it finds a configurable
Just to document that solution. This watches
Ed W wrote:
failregex = : warning: [-._\w]+\[HOST\]: SASL
(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$
failregex = dovecot: auth.*\(.*,HOST\): (unknown user|password mismatch)$
Ed, have you found that both failregex lines are actually being used
here, as in my experience, only
Bill Landry wrote:
Ed W wrote:
failregex = : warning: [-._\w]+\[HOST\]: SASL
(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$
failregex = dovecot: auth.*\(.*,HOST\): (unknown user|password mismatch)$
Ed, have you found that both failregex lines are actually being used
here,
Ed W wrote:
Bill Landry wrote:
Ed W wrote:
failregex = : warning: [-._\w]+\[HOST\]: SASL
(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$
failregex = dovecot: auth.*\(.*,HOST\): (unknown user|password
mismatch)$
Ed, have you found that both failregex lines are actually
I'm currently using postfix and dovecot, with dovecot authentication
(with saslauthd) using mysql for accounts
Is there any option available for me to help inhibit/prevent
brute-force login attempts?
Thx.
Rick
Rick Steeves
http://www.sinister.net
The journey is the destination
Is there any option available for me to help inhibit/prevent
brute-force login attempts?
I (and many others) use fail2ban. It works outside of dovecot, et al,
by tailing your log files. When it finds a configurable number of
failed attempts in a configurable time window, it blocks the
