FAIL2BAN does not block brute force attacks
Posted: Fri Sep 23, 2016 10:49 pm
I am getting this warnings:
root@mx3:/# tail -f /var/log/exim4/mainlog
2016-09-23 19:40:42 dovecot_login authenticator failed for (194.135.89.130) [119.56.129.3]: 535 Incorrect authentication data (set_id=laurie)
2016-09-23 19:40:42 no host name found for IP address 119.56.129.3
2016-09-23 19:41:00 dovecot_login authenticator failed for (194.135.89.130) [119.56.129.3]: 535 Incorrect authentication data (set_id=margaret)
2016-09-23 19:41:00 no host name found for IP address 119.56.129.3
2016-09-23 19:41:19 dovecot_login authenticator failed for (194.135.89.130) [119.56.129.3]: 535 Incorrect authentication data (set_id=maria)
2016-09-23 19:41:19 no host name found for IP address 119.56.129.3
2016-09-23 19:41:37 dovecot_login authenticator failed for (194.135.89.130) [119.56.129.3]: 535 Incorrect authentication data (set_id=mariah)
2016-09-23 19:41:37 no host name found for IP address 119.56.129.3
2016-09-23 19:41:55 dovecot_login authenticator failed for (194.135.89.130) [119.56.129.3]: 535 Incorrect authentication data (set_id=marie)
2016-09-23 19:41:55 no host name found for IP address 119.56.129.3
2016-09-23 19:42:14 dovecot_login authenticator failed for (194.135.89.130) [119.56.129.3]: 535 Incorrect authentication data (set_id=marilyn)
2016-09-23 19:42:14 no host name found for IP address 119.56.129.3
2016-09-23 19:42:32 dovecot_login authenticator failed for (194.135.89.130) [119.56.129.3]: 535 Incorrect authentication data (set_id=marina)
2016-09-23 19:42:32 no host name found for IP address 119.56.129.3
2016-09-23 19:42:50 dovecot_login authenticator failed for (194.135.89.130) [119.56.129.3]: 535 Incorrect authentication data (set_id=marine)
What can I do to block these faudulent login attempts to dovecot accounts?
root@mx3:/# tail -f /var/log/exim4/mainlog
2016-09-23 19:40:42 dovecot_login authenticator failed for (194.135.89.130) [119.56.129.3]: 535 Incorrect authentication data (set_id=laurie)
2016-09-23 19:40:42 no host name found for IP address 119.56.129.3
2016-09-23 19:41:00 dovecot_login authenticator failed for (194.135.89.130) [119.56.129.3]: 535 Incorrect authentication data (set_id=margaret)
2016-09-23 19:41:00 no host name found for IP address 119.56.129.3
2016-09-23 19:41:19 dovecot_login authenticator failed for (194.135.89.130) [119.56.129.3]: 535 Incorrect authentication data (set_id=maria)
2016-09-23 19:41:19 no host name found for IP address 119.56.129.3
2016-09-23 19:41:37 dovecot_login authenticator failed for (194.135.89.130) [119.56.129.3]: 535 Incorrect authentication data (set_id=mariah)
2016-09-23 19:41:37 no host name found for IP address 119.56.129.3
2016-09-23 19:41:55 dovecot_login authenticator failed for (194.135.89.130) [119.56.129.3]: 535 Incorrect authentication data (set_id=marie)
2016-09-23 19:41:55 no host name found for IP address 119.56.129.3
2016-09-23 19:42:14 dovecot_login authenticator failed for (194.135.89.130) [119.56.129.3]: 535 Incorrect authentication data (set_id=marilyn)
2016-09-23 19:42:14 no host name found for IP address 119.56.129.3
2016-09-23 19:42:32 dovecot_login authenticator failed for (194.135.89.130) [119.56.129.3]: 535 Incorrect authentication data (set_id=marina)
2016-09-23 19:42:32 no host name found for IP address 119.56.129.3
2016-09-23 19:42:50 dovecot_login authenticator failed for (194.135.89.130) [119.56.129.3]: 535 Incorrect authentication data (set_id=marine)
What can I do to block these faudulent login attempts to dovecot accounts?