[Dovecot] Auto-blacklisting hosts after too many failed logins
ghen at telenet.be
Tue Aug 29 10:23:49 EEST 2006
On Fri, Aug 25, 2006 at 04:23:32PM +0200, Amon Ott wrote:
> On one of our servers, we experience regular tries to brute force logins,
> probably based on harvested mail addresses. Now I wonder if dovecot has
> or could in future have some mechanism to blacklist remote IP addresses
> after a configurable number of failures to login to any account.
Countless perl scripts exist which parse sshd login logs for login attacks
and insert dynamic firewall rules to temporarily blacklist them. Those
could easily be adapted to pop3/imap login logs.
More information about the dovecot