[Dovecot] Auth failure delays

Timo Sirainen tss at iki.fi
Mon Nov 9 23:41:11 EET 2009


On Mon, 2009-11-09 at 09:01 +0100, Steffen Kaiser wrote:
> > Any thoughts?
> 
> The only two remarks I have are that some well-known IPs should be able to 
> bypass this check, e.g. NATed gateways of the organisation 

Hmm. That seems like way too much trouble. Even just on/off setting
annoys me.

> and that 
> external IDSs (e.g. fail2ban) should be able to pick up the possible 
> breakin, maybe you can configure Dovecot to send failed logins to syslog, 
> too, even though it logs to file normally.

This also seems kind of weird.. Why couldn't fail2ban or whatever just
parse the normal log files? Or maybe you should just configure syslog to
log to those two different locations?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20091109/8497776d/attachment.bin 


More information about the dovecot mailing list