I’m seeing thousands of POP3 auth attempts in my mail.log. Is fail2ban already configured to handle these attempts and block them, or is there currently no configuration for this?
Dec 8 19:38:23 mailinabox dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 17 secs): user=<keny>, method=PLAIN, rip=46.29.255.135, lip=12.13.14.15, session=<YXXXXXXXXXXHf+H>
edit: I haven’t updated the box in a while, so possible this isn’t an issue anymore. Let me update, and report back with feedback.