I agree with Ron Wheeler. The default settings for Dovecot and Postfix are solid. The default settings for Fail2ban, on the other hand, are inadequate. Not because it's a bad program, but rather that 1.) the default settings are a little lenient, and 2.) hackers know those default settings.
You'll need to set the findtime, jailtime, and attempts more strict. I set the findtime to an hour, the jail time to a month, and attempts to 2. The times are in seconds, so you'll need to calculate those times.

On April 2, 2019 2:10:24 PM GMT+02:00, James Brown <jlbr...@bordo.com.au> wrote:
>Thanks Esteban. I have fail2ban installed. Unfortunately each attempt
>comes from a different IP (botnet I presume). I’m finding this all the
>time now, so fail2ban seems to be no longer much use.
>
>Was just hoping there was a Postfix or Dovecot setting I could use to
>ignore these submission attempts.
>
>James.
>
>
>> On 2 Apr 2019, at 7:43 pm, Esteban L <este...@little-beak.com> wrote:
>>
>> You will need to install fail2ban to ip block failed attempts.
>>
>> As you have correctly assumed, a malicious person is trying to hack into your mail server.
>>
>> Fail2ban is a required application nowadays.
>>
>> On April 2, 2019 8:57:06 AM GMT+02:00, James Brown <jlbr...@bordo.com.au> wrote:
>> Not sure if this is a Dovecot or Postfix issue; we use Dovecot for authentication for Postfix. Mailboxes are stored in MySQL.
>>
>> Have noticed this today:
>>
>> auth-worker(42777): Info: sql(cont...@com.au,127.0.0.1): unknown user (given password: someone123)
>>
>> Also i...@com.au etc.
>>
>> They are coming through on port 465.
>>
>> Obviously my domain is not ‘com.au’ - how can I stop these attempts from even being considered?
>>
>> I did update to Postfix 3.4.5 yesterday. Running Dovecot 2.3.5.
>>
>> Thanks,
>>
>> James.
>>
>> --
>> Sent from my Android device with K-9 Mail. Please excuse my brevity.

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
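An added example, not part of any message in this thread: a small log analysis showing why per-IP thresholds (one hour findtime, 2 attempts) never trip when each attempt comes from a different address, while counting attempts against domains the server does not host still surfaces the pattern. Assumptions: the log lines are constructed in the shape of the quoted auth-worker line, with a constructed epoch-seconds prefix and the client address in the second field (the line in the thread shows 127.0.0.1 there); `LOCAL_DOMAINS`, the user names and the documentation-range addresses are hypothetical, and a month is taken as 30 days.

```python
import re
from collections import Counter

# Thresholds from the message above, converted to seconds.
FINDTIME = 60 * 60            # one hour
BANTIME = 30 * 24 * 60 * 60   # one month, assumed to be 30 days
MAXRETRY = 2
LOCAL_DOMAINS = {"example.org"}  # hypothetical: domains this server hosts

# Constructed sample lines; timestamps, users and addresses are made up.
# The last two lines come from one address, the first three from a "botnet".
SAMPLE_LOG = """\
1000 auth-worker(42777): Info: sql(alice@com.au,192.0.2.10): unknown user (given password: x)
1600 auth-worker(42777): Info: sql(bob@com.au,198.51.100.7): unknown user (given password: x)
2200 auth-worker(42777): Info: sql(carol@com.au,203.0.113.5): unknown user (given password: x)
2300 auth-worker(42777): Info: sql(dave@example.org,203.0.113.99): unknown user (given password: x)
2400 auth-worker(42777): Info: sql(dave@example.org,203.0.113.99): unknown user (given password: x)
"""

LINE_RE = re.compile(
    r"^(\d+) auth-worker\(\d+\): Info: sql\(([^,@]+)@([^,]+),([^)]+)\): unknown user"
)

def parse(log):
    """Yield (timestamp, domain, ip) for each unknown-user line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield int(m.group(1)), m.group(3).lower(), m.group(4)

def per_ip_bans(events, findtime=FINDTIME, maxretry=MAXRETRY):
    """Addresses reaching maxretry failures inside a sliding findtime window."""
    seen, banned = {}, set()
    for ts, _domain, ip in events:
        window = [t for t in seen.get(ip, []) if ts - t < findtime] + [ts]
        seen[ip] = window
        if len(window) >= maxretry:
            banned.add(ip)
    return banned

def foreign_domain_attempts(events, local=LOCAL_DOMAINS):
    """Count attempts per domain that this server does not host."""
    return Counter(d for _ts, d, _ip in events if d not in local)

if __name__ == "__main__":
    events = list(parse(SAMPLE_LOG))
    print("per-IP bans:", per_ip_bans(events))
    print("foreign-domain attempts:", foreign_domain_attempts(events))
```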