[Dovecot] No tcp wrappers, other ideas to help stop brute force attacks?

Ken A ka at pacific.net
Wed Aug 30 23:42:46 EEST 2006

fail2ban looks interesting too, but doesn't appear to allow 
whitelisting? That could be bad..

David Rees wrote:
> I'm looking for a way to deny access to dovecot from certain IP
> addresses, basically to help prevent brute force attacks on the
> server.
> Right now I'm using denyhosts which scans /var/log/secure for
> authentication failures which then can add an entry to
> /etc/hosts.deny, but since dovecot doesn't have tcp wrappers support,
> that doesn't do anything.
> It doesn't look like I can run dovecot run xinetd.
> Any other ideas to help protect dovecot from brute force attacks? I
> don't think pam can help, can it?
> Otherwise I need to figure out a way to have denyhosts trigger
> iptables rules or something, or maybe there's another application that
> will work?
> -Dave

More information about the dovecot mailing list