My Fail2Ban Lists

After years of collecting attacks and doing some recent pattern changes, I’m going to setup the structure here to periodically share some of the jail IPs that I continue to snag. I’ll publish them here. The goal isn’t to provide a publishing blacklist or anything, but just be of some additional confirmation if people are searching out IP addresses of bad actors to their infrastructure. 

Postfix-SASL Jail: Connections that tried to relay off my servers. 

Postfix Jail: Connections that tried to relay non-SASL off my servers.

Dovecot Jail: Connection that tried to login via IMAP/IMAPS off my servers.

Apache-Auth Jail: Connections that tried to use Apache-Auth on my servers. 

Leave a comment or reply