[Dovecot] penalty configuration and proxy servers
Mark Zealey
mark.zealey at webfusion.com
Fri Mar 4 12:16:25 EET 2011
Hi there,
I've had a look through the wiki and a quick look through the source for
penalty configurations (dovecot 2.0.9) but I've not found anything to do
with configuration options for this functionality. I'm basically wanting
to disable a particular host/subnet from the penalty setup. In our case
we have some webmail servers that do get attacked however most of the
traffic is legitimate so I'd rather that the user experience was faster
(ie not having a few seconds of delay on login) than that we slowed down
attacks from them.
On a similar note; is it possible to do the per-ip login limit in the
auth level rather than the imap/pop level? I ask this as we've just
implemented a proxy setup whereby we have two frontend proxy servers
that then dispatch to backend servers specified in the database. So, the
backend servers do the actual imap/pop sessions however we now don't see
the remote ip addresses so it becomes difficult to limit abusive users.
The 'doveadm who'/process listing code also doesn't work on the proxy
servers even though dovecot knows who logged in and forwards the
connection through to the backend servers.
None of these features/suggestions are show-stoppers; dovecot is a great
program however they're more suggestions of ways it would be useful for
us to improve the software.
Thanks,
Mark
More information about the dovecot
mailing list