.test internal domain, own Postfix SMTP + Dovecot IMAP server.
The IMAP server is accessible from the WAN via IMAPS (HAProxy + SSL/Let's Encrypt certificate).
As for securing against brute-force attacks:
Dovecot has a listener process configured to speak HAProxy's PROXY protocol, which passes the original client IP to Dovecot, so the latter can apply its own authentication penalty algorithm.
CrowdSec is installed with the HAProxy plugin, so client IPs can also be banned after authentication errors, although I'm not sure this works with HAProxy's PROXY protocol.
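
An added example, not part of the original post and not Dovecot's or HAProxy's code: a minimal Python parser for the PROXY protocol v1/v2 header, showing how the original client IP reaches the backend and why the header should only be honoured from a trusted proxy address (the role Dovecot's `haproxy_trusted_networks` setting plays). The function names, the rejection policy and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import struct

V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # fixed 12-byte PROXY v2 signature

def parse_proxy_header(data: bytes):
    """Return (client_ip, client_port, header_len); ip is None for LOCAL/UNKNOWN."""
    if data.startswith(V2_SIG):
        if len(data) < 16:
            raise ValueError("truncated v2 header")
        ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
        body = data[16:16 + length]
        if ver_cmd >> 4 != 2 or len(body) < length:
            raise ValueError("bad version or truncated v2 body")
        if ver_cmd & 0x0F == 0:  # LOCAL: proxy health check, no client address
            return None, None, 16 + length
        if ver_cmd & 0x0F != 1:
            raise ValueError("unknown v2 command")
        if fam_proto == 0x11 and length >= 12:  # TCP over IPv4
            src, sport = struct.unpack("!4s4xH", body[:10])
            return str(ipaddress.IPv4Address(src)), sport, 16 + length
        if fam_proto == 0x21 and length >= 36:  # TCP over IPv6
            src, sport = struct.unpack("!16s16xH", body[:34])
            return str(ipaddress.IPv6Address(src)), sport, 16 + length
        raise ValueError("unsupported address family")
    if data.startswith(b"PROXY "):  # v1: one ASCII line, at most 107 bytes
        end = data.find(b"\r\n", 0, 107)
        if end < 0:
            raise ValueError("unterminated v1 header")
        parts = data[:end].decode("ascii").split(" ")
        if parts[1] == "UNKNOWN":
            return None, None, end + 2
        if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
            raise ValueError("malformed v1 header")
        return str(ipaddress.ip_address(parts[2])), int(parts[4]), end + 2
    raise ValueError("no PROXY header")

def effective_client_ip(peer_ip, data, trusted_networks):
    """IP to use for auth penalties and bans on a PROXY-only listener."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in ipaddress.ip_network(n) for n in trusted_networks):
        # Assumed policy: an untrusted peer could forge any source address.
        raise PermissionError("PROXY header from untrusted peer")
    ip, _port, _len = parse_proxy_header(data)
    return ip or peer_ip  # LOCAL/UNKNOWN: fall back to the proxy's own address
```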