[Dovecot] limiting number of incorrect logins per connection
tss at iki.fi
Fri Aug 26 11:44:45 EEST 2011
On 26.8.2011, at 10.25, Alex wrote:
> Running Dovecot 2 on my server. It is regularly getting dictionary auth attacked. What I have noticed is that once connected to a pop3/imap login session, you can send endless incorrect usernames+passwords attempts. This is a problem for me... I use fail2ban to try and stop these script kiddies. The problem is that fail2ban detects the bad auths, firewalls the IP, however, since it's an "established" session, the attacker can keep authing away... It's only on a subsequent (new) connection that the firewalling will take effect.
Umm. If client hasn't managed to log in in 3 minutes, it's disconnected (no matter what it does with the connection).
More information about the dovecot