[Dovecot] Limit login attempts per connection?
lists at wildgooses.com
Fri Mar 5 11:44:35 EET 2010
On 05/03/2010 04:43, Tony Nelson wrote:
> On 10-03-04 20:22:15, Frank Cusack wrote:
>> On 3/4/10 6:42 PM -0500 Tony Nelson wrote:
>> > Looking at the source, I see that there are no options. It tarpits
>> > a bit, but currently has no limit on the number of attempts. I'll
>> > see what I can do.
>> I think it's a brilliant idea. After one login attempt, all others
>> on the same connection should fail.
> A fan! Anyway, there should at least be a choice. Not that I've coded
> a choice, just a dumb patch -- see attachment. It's a bit of a
> compromise, with a hard-coded limit of 4 attempts. Maybe I'll lower it
> to 2.
I would be all in favour of a setting like this because it's easier to
configure than fail2ban...
...but ... At least my public facing servers seem to be receiving
trickle scans where there is definite evidence of a slow distributed
bruteforcer which uses multiple IPs to try multiple usernames and I
probably only see each IP a few times a day... This is quite hard to
defend against without some kind of distributed system (and I believe
there are such things?)
More information about the dovecot