[Dovecot] login processes from attacks staying for hours
Matt
lm7812 at gmail.com
Thu Jul 24 01:11:13 EEST 2008
> and I notice that dovecot doesn't handle the brute-force attacks too nice.
> I reduced the limit a bit to some reasonable looking value:
> login_max_processes_count = 32
> to stop them earlier and the number of processes stops at that figure when
> an attack happens.
Somewhat off original topic. I cannot help but wander what the goal
of the brute force attack is. I am guessing they want a working
username and password to relay junk email?
I have heard of users having there email address and password stolen
by a virus or spyware then used to authenticate and relay thousands of
pieces of junk email. We enabled rate-limit on Exim which only allows
a given IP to send to X number of message recipients in X amount of
time. We also added a plugin to Squirrel Mail to only allow so many
recipients per message and only so many messages per day.
Matt
More information about the dovecot
mailing list