[Dovecot] Dovecot under brute force attack - nice attacker

henry ritzlmayr dovecot at rc0.at
Thu Jun 4 20:20:08 EEST 2009


Am Donnerstag, den 04.06.2009, 12:23 -0400 schrieb Timo Sirainen:
> On Thu, 2009-06-04 at 18:13 +0200, henry ritzlmayr wrote:
> > > > Question:
> > > > Is there any way to close the connection after the
> > > > first wrong user/pass combination. So an attacker would be forced
> > > > to reopen it?
> > > 
> > > I think the growing delay is a better idea.
> > 
> > The Idea is good but I guess an option to just disconnect the attacker
> > wouldn't hurt in the config file? 
> 
> Yes, more settings in config file does hurt. There are way too many of
> them already. But passdb could perhaps return "disconnect" field if
> authentication failed..
> 
I am not that familiar with returning extra fields using passdb, but
wouldn't this be even more complicated. Since pam for example doesn't 
even support this and it also depends on the password database 
( as read on http://wiki.dovecot.org/PasswordDatabase/ExtraFields )?

Henry




More information about the dovecot mailing list