[Dovecot] catching authentication failures with LDAP backend
Udo Rader
listudo at bestsolution.at
Sat Dec 6 19:33:49 EET 2008
Udo Rader schrieb:
> Hi,
>
> we have recently been hit by a couple of brute force password attacks
> against dovecot. So what I want to do now is to add dovecot to fail2ban
> in order to block further attacks.
>
> However, I don't seem to be able to find out password verifification
> failures for our LDAP based user data.
>
> The only thing I see are loads of lines like these in the logfiles:
>
> -------CUT-------
> dovecot: Nov 30 09:09:51 Info: pop3-login: Disconnected: user=<ludovic>,
> method=PLAIN, rip=217.147.235.52, lip=81.16.98.99
> dovecot: Nov 30 09:09:51 Info: pop3-login: Disconnected: user=<luna>,
> method=PLAIN, rip=217.147.235.52, lip=81.16.98.99
> dovecot: Nov 30 09:09:51 Info: pop3-login: Disconnected: user=<luke>,
> method=PLAIN, rip=217.147.235.52, lip=81.16.98.99
> -------CUT-------
>
> Googling the web I found that PAM based authentication obviously gives a
> matchable error message, but for some reasons the ldap backend does not
> - or does it?
>
> Any pointers highly appreciated :-)
Solved it myself, adding changing to "auth_verbose = yes" in
dovecot.conf solved it.
Any reasons why this isn't enabled by default?
--
Udo Rader, CTO
http://www.bestsolution.at
More information about the dovecot
mailing list