Hi All, I just installed fail2ban a week ago on a new Debian server.
I have noticed that there is a dictionary attack that is in progress against my mail server. In this case they are trying to guess the password for finance@domain. The attempts are coming from different IPs. I will see same IP only once per day on average. This way they never trigger the ban. But in each connection they will perform multiple passwords check: ... dovecot: imap-login: Disconnected (auth failed, 4 attempts in 53 secs): user=<finance@ ... What I was thinking is that "4 attempts" should be counted as 4 instead of as 1. Is this a feature that already exist? How easy would it be to implement? Regards, K _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
