[Dovecot] Limit login attempts per connection?

Ed W lists at wildgooses.com
Fri Mar 5 11:44:35 EET 2010


On 05/03/2010 04:43, Tony Nelson wrote:
> On 10-03-04 20:22:15, Frank Cusack wrote:
>> On 3/4/10 6:42 PM -0500 Tony Nelson wrote:
>> > Looking at the source, I see that there are no options.  It tarpits
>> > a bit, but currently has no limit on the number of attempts.  I'll
>> > see what I can do.
>>
>> I think it's a brilliant idea.  After one login attempt, all others
>> on the same connection should fail.
>
> A fan!  Anyway, there should at least be a choice.  Not that I've coded
> a choice, just a dumb patch -- see attachment.  It's a bit of a
> compromise, with a hard-coded limit of 4 attempts.  Maybe I'll lower it
> to 2.
>

I would be all in favour of a setting like this because it's easier to 
configure than fail2ban...

...but ...  At least my public facing servers seem to be receiving 
trickle scans where there is definite evidence of a slow distributed 
bruteforcer which uses multiple IPs to try multiple usernames and I 
probably only see each IP a few times a day...  This is quite hard to 
defend against without some kind of distributed system (and I believe 
there are such things?)

Good luck

Ed W


More information about the dovecot mailing list