<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">fail2ban can do anything you want - including what you describe - you just have tell it what to look for in the logs!<div class=""><br class=""></div><div class=""><br class=""><div class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">--<br class="">Merlin Hartley<br class="">Computer Officer</div><div style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">MRC Mitochondrial Biology Unit</div><div style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">University of Cambridge</div><div style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Cambridge, CB2 0XY</div><div style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">United Kingdom</div></div></div></div>
</div>
<div><br class=""><blockquote type="cite" class=""><div class="">On 26 Feb 2019, at 14:20, Stephane Branchoux <<a href="mailto:stephane.branchoux@univ-perp.fr" class="">stephane.branchoux@univ-perp.fr</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">Hello,<br class=""><br class="">Thanks for the link to ipset-balcklist, i will try it.<br class=""><br class="">fail2ban is not interesting for me because with phishing, connexions are succeded !<br class=""><br class="">I would like to detect and block succeed  connections when a user connects from multiple<br class=""><br class="">countries the same day.<br class=""><br class="">Thanks<br class=""><br class="">Le 26/02/2019 à 12:00, Neil Price a écrit :<br class=""><blockquote type="cite" class=""><br class="">On 22/02/2019 08:41 PM, Stéphane Branchoux wrote:<br class=""><blockquote type="cite" class=""><br class="">Each week , few users respond to phishing mails.<br class="">I use rules on firewalls, DNS filters, training program for users , anti spam products , anti virus ….<br class=""><br class="">I am looking for a way or tools to reduce identity theft on my Cyrus imap server.<br class="">For example , scripts to geo localise ip requests , detect and reject bad connexions  ?<br class="">Is it possible to authorize few devices for a user and reject other devices  ?<br class=""><br class="">Which tools do you use on your Cyrus imap servers to protect them ?<br class=""><br class=""><br class=""></blockquote><br class="">fail2ban and fail2ban-repeater <a href="https://stuffphilwrites.com/2013/03/permanently-ban-repeat-offenders-fail2ban/" class="">https://stuffphilwrites.com/2013/03/permanently-ban-repeat-offenders-fail2ban/</a><br class="">ipset-blacklist <a href="https://github.com/trick77/ipset-blacklist" class="">https://github.com/trick77/ipset-blacklist</a> (great for banning whole countries)<br class="">password policies<br class=""><br class="">Plus the usual: SPF, clam, spamassassin, greylisting, etc<br class="">Spam check outgoing mail too.<br class="">----<br class="">Cyrus Home Page: <a href="http://www.cyrusimap.org/" class="">http://www.cyrusimap.org/</a><br class="">List Archives/Info: <a href="http://lists.andrew.cmu.edu/pipermail/info-cyrus/" class="">http://lists.andrew.cmu.edu/pipermail/info-cyrus/</a><br class="">To Unsubscribe:<br class=""><a href="https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus" class="">https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus</a><br class=""></blockquote><br class="">-- <br class="">Stephane BRANCHOUX<br class="">Centre de Ressources Informatiques de l'Université de Perpignan.<br class="">Systèmes/Réseaux - RSSI<br class=""><a href="mailto:stephane.branchoux@univ-perp.fr" class="">mailto:stephane.branchoux@univ-perp.fr</a><br class="">04 68 66 21 24 / 07 60 73 38 42<br class=""><br class=""><br class="">----<br class="">Cyrus Home Page: http://www.cyrusimap.org/<br class="">List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/<br class="">To Unsubscribe:<br class="">https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus</div></div></blockquote></div><br class=""></div></body></html>