[Dovecot] Dovecot under brute force attack - nice attacker

henry ritzlmayr dovecot at rc0.at
Thu Jun 4 19:13:04 EEST 2009


> > Question:
> > Is there any way to close the connection after the
> > first wrong user/pass combination. So an attacker would be forced
> > to reopen it?
> 
> I think the growing delay is a better idea.

The Idea is good but I guess an option to just disconnect the attacker
wouldn't hurt in the config file? 
This would be much easier to detect/monitor on an upfront firewall/IDS.
I agree that each service should care about its own security but some 
of us have certain sw/hw in front which also should be able to detect
such an attempt. By just delaying the next try I guess it will be tough
to detect this upfront.

Henry




More information about the dovecot mailing list