_EuroTrash_

joined 1 year ago
[โ€“] _EuroTrash_@alien.top 1 points 1 year ago

.test internal domain, own postfix SMTP+dovecot IMAP server.

The IMAP server is accessible from WAN via IMAPS (HAproxy+SSL/letsencrypt certificate).

As per securing against brute force attacks:

  • Dovecot has a listener process configured to talk the HAproxy's specific PROXY protocol which passes the original client IP to Dovecot, so the latter can apply its own authentication penalty algorithm

  • Crowdsec is installed with the HAproxy plugin, so client IPs can also be banned after authentication errors, albeit I'm not sure this works with HAproxy's PROXY protocol

[โ€“] _EuroTrash_@alien.top 1 points 1 year ago

Main fiber link with one ISP and cable modem with a different ISP. I'm lucky enough to live at an intersection where both options are available - and the two links are literally buried under two different roads.