[Dovecot] dovecot penalties and anvil

Timo Sirainen tss at iki.fi
Tue Dec 20 12:59:06 EET 2011


On Tue, 2011-12-13 at 09:39 -0200, Leonardo Rodrigues wrote:

>      I'm strugling to find some documentation on dovecot's anvil service 
> and/or its penalties (that can be checked with doveadm penalty) ... but 
> i'm not finding anything on that.
> 
>      is there any documentation on anvil/penalties that i should check 
> other than a few messages on the mailing list archive ?

Nope. Basically:

 * Each failed attempt doubles the penalty for next login attempt from
that specific IP
 * Penalty is maxed out at 30 seconds
 * Each successful login (after waiting for penalty) will clear the
penalty for that IP
 * You can disable the penalty entirely with: service anvil
{ unix_listener anvil-auth-penalty { mode = 0 } }

I don't really like this penalty stuff. Maybe it's better than nothing,
maybe not. Maybe there's a better way to do it. Not very useful for
IPv6.



More information about the dovecot mailing list