[Dovecot] catching authentication failures with LDAP backend

Udo Rader listudo at bestsolution.at
Sat Dec 6 19:33:49 EET 2008


Udo Rader schrieb:
> Hi,
> 
> we have recently been hit by a couple of brute force password attacks 
> against dovecot. So what I want to do now is to add dovecot to fail2ban 
> in order to block further attacks.
> 
> However, I don't seem to be able to find out password verifification 
> failures for our LDAP based user data.
> 
> The only thing I see are loads of lines like these in the logfiles:
> 
> -------CUT-------
> dovecot: Nov 30 09:09:51 Info: pop3-login: Disconnected: user=<ludovic>, 
> method=PLAIN, rip=217.147.235.52, lip=81.16.98.99
> dovecot: Nov 30 09:09:51 Info: pop3-login: Disconnected: user=<luna>, 
> method=PLAIN, rip=217.147.235.52, lip=81.16.98.99
> dovecot: Nov 30 09:09:51 Info: pop3-login: Disconnected: user=<luke>, 
> method=PLAIN, rip=217.147.235.52, lip=81.16.98.99
> -------CUT-------
> 
> Googling the web I found that PAM based authentication obviously gives a 
> matchable error message, but for some reasons the ldap backend does not 
> - or does it?
> 
> Any pointers highly appreciated :-)

Solved it myself, adding changing to "auth_verbose = yes" in 
dovecot.conf solved it.

Any reasons why this isn't enabled by default?

--
Udo Rader, CTO
http://www.bestsolution.at


More information about the dovecot mailing list