[Dovecot] limiting number of incorrect logins per connection
alex at ahhyes.net
Fri Aug 26 12:14:34 EEST 2011
I am happy to recompile if there is no config option. I gather it's in
the src/auth dir somewhere in one of the C source files. Just need to be
pointed in the right dir.
On Fri, 26 Aug 2011 19:07:08 +1000, Alex wrote:
> 3 minutes! I think that's too long, how can I drop that down to about
> 45 seconds?
> On Fri, 26 Aug 2011 11:44:45 +0300, Timo Sirainen wrote:
>> On 26.8.2011, at 10.25, Alex wrote:
>>> Running Dovecot 2 on my server. It is regularly getting dictionary
>>> auth attacked. What I have noticed is that once connected to a
>>> pop3/imap login session, you can send endless incorrect
>>> usernames+passwords attempts. This is a problem for me... I use
>>> fail2ban to try and stop these script kiddies. The problem is that
>>> fail2ban detects the bad auths, firewalls the IP, however, since it's
>>> an "established" session, the attacker can keep authing away... It's
>>> only on a subsequent (new) connection that the firewalling will take
>> Umm. If client hasn't managed to log in in 3 minutes, it's
>> disconnected (no matter what it does with the connection).
More information about the dovecot