[Dovecot] Logging authentication failures?
dri
dovecot-ri at scientician.org
Thu Oct 19 02:59:51 UTC 2006
I use a script that watches log files looking for failed ssh login attempts and adds firewall rules when there are enough login failures within a certain amount of time. I would like to apply this to Dovecot to automatically firewall attackers trying to brute-force an IMAP account. Is there a way to make Dovecot log authentication failures (I'm running 1.0.rc10)? In other words, can I configure Dovecot to put something in the log the instant "NO Authentication failed" is sent to the IMAP user?
With "auth_verbose = yes" I can see individual authentication mechanisms fail, but I have multiple passdb sections so a failure in one mechanism doesn't mean a complete login failure. Thus, configuring the script to watch for individual mechanism failures may result in the firewalling of legitimate users.
Thanks for any info!
More information about the dovecot
mailing list