[Dovecot] limiting number of incorrect logins per connection
Alex
alex at ahhyes.net
Fri Aug 26 12:07:08 EEST 2011
3 minutes! I think that's too long, how can I drop that down to about
45 seconds?

On Fri, 26 Aug 2011 11:44:45 +0300, Timo Sirainen wrote:
> On 26.8.2011, at 10.25, Alex wrote:
>
>> Running Dovecot 2 on my server. It is regularly getting dictionary
>> auth attacked. What I have noticed is that once connected to a
>> pop3/imap login session, you can send endless incorrect
>> usernames+passwords attempts. This is a problem for me... I use
>> fail2ban to try and stop these script kiddies. The problem is that
>> fail2ban detects the bad auths, firewalls the IP, however, since it's
>> an "established" session, the attacker can keep authing away... It's
>> only on a subsequent (new) connection that the firewalling will take
>> effect.
>
> Umm. If client hasn't managed to log in in 3 minutes, it's
> disconnected (no matter what it does with the connection).