David Guntner grabbed a keyboard and wrote:
[Lots of fail2ban stuff]
Well, holy cow! That's what I get for starting a conversation. :-) I'm
not the type to just ask a question or answer replies and just sit there
waiting, I start mucking around and googling more and stuff. Just
discovered that fail2ban has *multiport* support for iptables - it can
be set up to filter chains control more than one port with a single
filter command.
I further discovered that the Dovecot website itself has filter and jail
rules for fail2ban to work with its log entries.
So yea, if I can set up a filter rule that says something along the
lines of "if you see this, block traffic for that IP address on the
following ports...", that will do the trick! Yay! :-)
Now, if I can just figure out a way to get Dovecot to close the
connection when there's too many bad attempts.... I'll have to do some
more testing; maybe the fail2ban chain through iptables will close an
existing connection as was suggested might be the case in another reply....
Ooooh, the possibilities! :-D
--Dave
Attachment:
signature.asc
Description: OpenPGP digital signature