Thanks David. You're probably right, I'll check fail2ban. At the oter sinde:
regex is not my friend though.
BW Günter
> David Matthews hat am 07.06.2023 16:40 CEST
> geschrieben:
>
>
> >Hello David,
> >
> >thanks for your information. Maybe fail2ban is a solution. I would prefer to
> >solv
>Hello David,
>
>thanks for your information. Maybe fail2ban is a solution. I would prefer to
>solve the problem with board funds from James.
>
With fail2ban, once you come up with a working regex, you're solving the
problem at a pre James level - in affect you would be operating an automatic
an
Hello David,
thanks for your information. Maybe fail2ban is a solution. I would prefer to
solve the problem with board funds from James.
Perhaps the solution would be to extend the handlers to stop after a certain
number of failed attempts?
Best wishes
Günter
> David Matthews hat am 07.06.2
Hello Karsten,
thanks for the tip. I tried it but it doesn't work.
It seems that "verifyFailureDelay" only works for an identical user login. Here
is a connection and then an attempt with different users to log in. There is no
delay between registrations. It would be good if a connection was cl
There is a property named verifyFailureDelay that you can set in
usersrepository.xml. The value is a time to wait between unsuccessful
authentication attempts, e.g. 2s to wait 2 seconds.
You won't get rid of the attacks this way, but slow down any brute force
attempts to guess valid user password
>I run a James mail server (james-server-spring-app-3.8.0). The log file shows
>that the server is constantly being attacked. This is normal, the server is on
>the Internet.
My experience is that there is a sharp increase on attacks on small mail
servers since maybe April. This is not a James i
I run a James mail server (james-server-spring-app-3.8.0). The log file shows
that the server is constantly being attacked. This is normal, the server is on
the Internet.
I was able to fend off some of the attacks via the firewall: blocking IP
addresses or limiting access per minute (connect).
