Hello, Thanks for the link to ipset-balcklist, i will try it.fail2ban is not interesting for me because with phishing, connexions are succeded !
I would like to detect and block succeed connections when a user connects from multiple
countries the same day. Thanks Le 26/02/2019 à 12:00, Neil Price a écrit :
On 22/02/2019 08:41 PM, Stéphane Branchoux wrote:Each week , few users respond to phishing mails.I use rules on firewalls, DNS filters, training program for users , anti spam products , anti virus ….I am looking for a way or tools to reduce identity theft on my Cyrus imap server. For example , scripts to geo localise ip requests , detect and reject bad connexions ? Is it possible to authorize few devices for a user and reject other devices ?Which tools do you use on your Cyrus imap servers to protect them ?fail2ban and fail2ban-repeater https://stuffphilwrites.com/2013/03/permanently-ban-repeat-offenders-fail2ban/ ipset-blacklist https://github.com/trick77/ipset-blacklist (great for banning whole countries)password policies Plus the usual: SPF, clam, spamassassin, greylisting, etc Spam check outgoing mail too. ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
-- Stephane BRANCHOUX Centre de Ressources Informatiques de l'Université de Perpignan. Systèmes/Réseaux - RSSI mailto:stephane.branchoux@xxxxxxxxxxxx 04 68 66 21 24 / 07 60 73 38 42
Attachment:
smime.p7s
Description: Signature cryptographique S/MIME
---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
