[Dovecot] Configure unsuccessful login attempts

Jerrale Gayle jerralegayle at sheltoncomputers.com
Thu Jun 3 19:42:52 EEST 2010


On 6/3/2010 7:13 AM, Greg Pearson wrote:
>> You could use fail2ban, see also: http://wiki.dovecot.org/HowTo/Fail2Ban
>
> So I guess the result would be to the login process become 
> unresponsive, right? I am not sure this would be what I want. The 
> desired behaviour for me would be to reject the connection even if the 
> password becomes correct after several failures. I realise this would 
> not help under DoS scenarios (in which I think fail2ban is 
> targetting). I will give it a try, of course, but I was wondering if 
> another approach is possible. Generally speaking, it would be really 
> nice if Dovecot itself had such options.
>
>
>
You don't have to use iptables to block it, with fail2ban. You can have 
fail2ban change the entry in your Mysql table, if you have an "active" 
field on the table for each user, to not active and, when the ban period 
you set is up, fail2ban can change the active field back to active.

this should cause the mail client to say "your account is either locked 
or not active"

E-mail me if you want help with this.

Jerrale


More information about the dovecot mailing list