[Dovecot] Configure unsuccessful login attempts
jerralegayle at sheltoncomputers.com
Thu Jun 3 19:42:52 EEST 2010
On 6/3/2010 7:13 AM, Greg Pearson wrote:
>> You could use fail2ban, see also: http://wiki.dovecot.org/HowTo/Fail2Ban
> So I guess the result would be to the login process become
> unresponsive, right? I am not sure this would be what I want. The
> desired behaviour for me would be to reject the connection even if the
> password becomes correct after several failures. I realise this would
> not help under DoS scenarios (in which I think fail2ban is
> targetting). I will give it a try, of course, but I was wondering if
> another approach is possible. Generally speaking, it would be really
> nice if Dovecot itself had such options.
You don't have to use iptables to block it, with fail2ban. You can have
fail2ban change the entry in your Mysql table, if you have an "active"
field on the table for each user, to not active and, when the ban period
you set is up, fail2ban can change the active field back to active.
this should cause the mail client to say "your account is either locked
or not active"
E-mail me if you want help with this.
More information about the dovecot