[Dovecot] Under POP attack - now to prevent?

henry ritzlmayr dovecot at rc0.at
Fri Jun 5 09:39:53 EEST 2009


Am Freitag, den 05.06.2009, 02:26 -0400 schrieb Timo Sirainen:
> On Jun 5, 2009, at 2:07 AM, henry ritzlmayr wrote:
> 
> > Interesting for me is that you are on v1.2RC4. Timo wrote yersterday
> > that with v1.2+ after every login failure the delay for the next  
> > attempt
> > should grow. When I take a look at your timestamps this is obviously  
> > not
> > working on your system.
> 
> That's because the client disconnects between attempts. Currently the  
> delay increase is done only within a single session.
> 
Ok, if thats so please really consider the possibility to disconnect a
user if he/she provides the wrong credentials. Otherwise we would have
to deal with two kinds of attackers on two places. The ones which don't
disconnect themselves would have to be handled by dovecot (growing
delay) and the ones which disconnect would have to be handled by
firewall/fail2ban etc. I personally prefer (I'm sure you figured that
already) a centralized approach on the firewall. 

Have a nice trip to frisco 
Henry




More information about the dovecot mailing list