Mail-in-a-Box Forum

fail2ban for pop3-login

richardkeller December 14, 2015, 7:37pm 1

I’m seeing thousands of POP3 auth attempts in my mail.log. Is fail2ban already configured to handle these attempts and block them, or is there currently no configuration for this?

Dec  8 19:38:23 mailinabox dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 17 secs): user=<keny>, method=PLAIN, rip=46.29.255.135, lip=12.13.14.15, session=<YXXXXXXXXXXHf+H>

edit: I haven’t updated the box in a while, so possible this isn’t an issue anymore. Let me update, and report back with feedback.

JoshData December 14, 2015, 11:33pm 2

I’m not sure. I don’t think so.

Gatewayy December 20, 2015, 4:31am 3

It isn’t setup to block much of anything by default: https://github.com/mail-in-a-box/mailinabox/blob/master/conf/fail2ban/jail.local.

aspdye December 20, 2015, 8:54am 4

I think it does also block “pop3-login”-requests, by the following:

https://github.com/mail-in-a-box/mailinabox/blob/master/conf/fail2ban/dovecotimap.conf

Can @JoshData can confirm this?

JoshData December 22, 2015, 3:21am 5

I really don’t know for sure either way.