[Dovecot] Auth failure delays

Steffen Kaiser skdovecot at smail.inf.fh-brs.de
Mon Nov 9 10:01:55 EET 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 6 Nov 2009, Timo Sirainen wrote:

> Any thoughts?

The only two remarks I have are that some well-known IPs should be able to 
bypass this check, e.g. NATed gateways of the organisation and that 
external IDSs (e.g. fail2ban) should be able to pick up the possible 
breakin, maybe you can configure Dovecot to send failed logins to syslog, 
too, even though it logs to file normally.

My subjective feeling is that such "hammering" attacks from a single host 
origin from a misconfigured auto-POPer than an attack nowadays.

Regards,

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBSvfMdXWSIuGy1ktrAQLKTAf/e7cQ6ONK0HuqkBeg3NBotXsRf0qeeOmZ
w857YOQJqqGVrnCBQVaA7OWVBlAMhfpM3Nc/WMth4/vooXz8wWp3Y+Bqpw1Iex1M
qOI2nIX+Jep4a8/3XExmWlh5gsQRWQRhkWNY12nu2jqEe0QT4VgqrMIs7YPgXTel
fmWSWHA3HySKiRbP+pwzPZH1B6aEAysK3W/BHycS5/HWab4E60LiyncBtMm24eKZ
dRZ1NqOhknNX8E6lbnNagQL/J1Cnge1drT0/FvYNunuMPpgWVopBw73sifC/Xh9A
RhOIjcw56MN0CNvJBBW692FGNMjiSanHJztLb/1iop8LT4+bmvrWvA==
=W9T5
-----END PGP SIGNATURE-----


More information about the dovecot mailing list