[Dovecot] Account lockout option?
WJCarpenter
bill-dovecot at carpenter.org
Sat Mar 14 20:44:55 EET 2009
> Is there any option available for me to help inhibit/prevent
> brute-force login attempts?
I (and many others) use fail2ban. It works outside of dovecot, et al,
by tailing your log files. When it finds a configurable number of
failed attempts in a configurable time window, it blocks the remote IP
address for a configurable amount of time. It can protect you against a
lot more than failed email login attempts. I'm quite happy with it. I
typically turn back several brute force SSH login attempts every day. I
also have it watching my dovecot logins, but so far don't get many
attempts there.
More information about the dovecot
mailing list