[Dovecot] penalty configuration and proxy servers

Mark Zealey mark.zealey at webfusion.com
Fri Mar 4 12:16:25 EET 2011

Hi there,

I've had a look through the wiki and a quick look through the source for 
penalty configurations (dovecot 2.0.9) but I've not found anything to do 
with configuration options for this functionality. I'm basically wanting 
to disable a particular host/subnet from the penalty setup. In our case 
we have some webmail servers that do get attacked however most of the 
traffic is legitimate so I'd rather that the user experience was faster 
(ie not having a few seconds of delay on login) than that we slowed down 
attacks from them.

On a similar note; is it possible to do the per-ip login limit in the 
auth level rather than the imap/pop level? I ask this as we've just 
implemented a proxy setup whereby we have two frontend proxy servers 
that then dispatch to backend servers specified in the database. So, the 
backend servers do the actual imap/pop sessions however we now don't see 
the remote ip addresses so it becomes difficult to limit abusive users.

The 'doveadm who'/process listing code also doesn't work on the proxy 
servers even though dovecot knows who logged in and forwards the 
connection through to the backend servers.

None of these features/suggestions are show-stoppers; dovecot is a great 
program however they're more suggestions of ways it would be useful for 
us to improve the software.



More information about the dovecot mailing list