[Dovecot] Lots of pop3-logins
Noel Butler
noel.butler at ausics.net
Fri Jun 26 00:48:26 EEST 2009
On Thu, 2009-06-25 at 15:46 -0400, Timo Sirainen wrote:
> You can also just decrease login_process_max_count. If Dovecot reaches
> the limit, it'll just start killing off old connections that haven't
> logged in.
>
What would be nice is, an anti brute force option, like xinetd, X-number
of connections from Y i.p. in Z seconds (optional setting of course) or
maybe a way to extend that to detect if the same i.p is retrying
constantly using different usernames on every new connection within X
seconds, come to think of it, that way would be much cooler :)
> >
> > Jun 21 23:06:04 mail dovecot: pop3-login: Aborted login (auth failed, 1
> > attempts): user=<warren>, method=PLAIN, rip=68.14.228.186, lip=10.10.11.2
> > Jun 21 23:06:04 mail dovecot: pop3-login: Aborted login (auth failed, 1
> > attempts): user=<williams>, method=PLAIN, rip=68.14.228.186, lip=10.10.11.2
> > Jun 21 23:06:04 mail dovecot: pop3-login: Aborted login (auth failed, 1
> > attempts): user=<www>, method=PLAIN, rip=68.14.228.186, lip=10.10.11.2
More information about the dovecot
mailing list