Re: Massiv dictionary attacks from <rackspace.com>
First of all, you can whitelist your own address ranges.
Second, one should keep in mind that even your own customers can catch a trojan
which brute forces your mail server with 100s of authentication requests/s.
To avoid WTF situations for your customers or support, you can weaken the
thresholds a bit, maybe to ban for only 5 min after 10 wrong tries within 10 s.
Someone who is just trying to remember what his password was is unlikely to
type fast enough to get caught then.
On Tue, 14 Aug 2012 20:16:18 +0400
Jean-Christian BEDIER <firstname.lastname@example.org> wrote:
> Yes, and thinking your customers never make any mistakes....
> On 14 August 2012 at 19:15, Gregor Hermens <email@example.com> wrote:
> > Hi,
> > On Tuesday, 14 August 2012, Jean-Christian BEDIER wrote:
> >> Fail2ban is a bad choice if you have customers who use this imap server.
> > why that? You just have to change the configuration to fit your needs, as with
> > every other software...
> > Cheers,
> > Gregor
> > --
> > @mazing fon +49 8142 6528665
> > Gregor Hermens fax +49 8142 6528669
> > Brucker Strasse 12 firstname.lastname@example.org
> > D-82216 Gernlinden http://www.a-mazing.de/
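The thresholds suggested in the reply at the top of this thread (whitelist your own ranges, ban for 5 minutes after 10 failures within 10 seconds) can be checked against traffic patterns before they go into production. The following is an added example, not part of the original messages and not fail2ban's own code: a simplified sliding-window model run over constructed failure events, where the IP addresses, the whitelist range and the function names `simulate` and `sample_events` are assumptions.

```python
import ipaddress
from collections import defaultdict, deque

# Thresholds from the reply above; the whitelist range is a constructed placeholder.
MAX_RETRY = 10      # failed logins tolerated ...
FIND_TIME = 10.0    # ... within this many seconds
BAN_TIME = 300.0    # ban length: 5 minutes
WHITELIST = [ipaddress.ip_network("192.0.2.0/24")]  # stands in for "your own address ranges"


def simulate(events):
    """events: (timestamp_seconds, source_ip) pairs for failed logins, sorted by time.
    Returns {ip: [(ban_start, ban_end), ...]}."""
    recent = defaultdict(deque)     # ip -> timestamps of failures still in the window
    banned_until = {}
    bans = defaultdict(list)
    for ts, ip in events:
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in WHITELIST):
            continue                # whitelisted sources are never counted
        if banned_until.get(ip, 0.0) > ts:
            continue                # source is blocked, attempt never reaches the server
        window = recent[ip]
        window.append(ts)
        while window and ts - window[0] > FIND_TIME:
            window.popleft()        # forget failures older than FIND_TIME
        if len(window) >= MAX_RETRY:
            banned_until[ip] = ts + BAN_TIME
            bans[ip].append((ts, ts + BAN_TIME))
            window.clear()
    return dict(bans)


def sample_events():
    """Constructed sample traffic, not real log data."""
    events = []
    # A customer guessing a forgotten password: 12 failures, one every 4 s.
    events += [(i * 4.0, "198.51.100.7") for i in range(12)]
    # An infected customer machine: 100 failures per second for 3 s.
    events += [(20.0 + i * 0.01, "203.0.113.50") for i in range(300)]
    # The same burst rate from a whitelisted address.
    events += [(20.0 + i * 0.01, "192.0.2.10") for i in range(300)]
    return sorted(events)


if __name__ == "__main__":
    for ip, spans in simulate(sample_events()).items():
        print(ip, spans)
```

With this sample only the bursting, non-whitelisted source is banned; the slow retrying customer never has more than three failures inside any 10-second window.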