[Dovecot] limiting authentication failures

Charles Marcus CMarcus at Media-Brokers.com
Thu Feb 19 14:17:01 EET 2009


On 2/19/2009, Eric B. Schorvitz, Ph.D. (eric at pmtechllc.com) wrote:
> I wanted to know if there's a way to limit the number of times an IP address
> can attempt to authenticate, if there's a way to have a timeout between
> attempted authentications, or if there is a way to limit authentication
> attempts by a specific username within a certain period of time.

I think this is on the radar for being handled directly by dovecot, but
for now, your best bet is something like fail2ban.

The advantage of using fail2ban is it works with pretty much anything,
not just one app...

-- 

Best regards,

Charles


More information about the dovecot mailing list