[Dovecot] Limit login attempts per connection?
Tony Nelson
tonynelson at georgeanelson.com
Mon Mar 8 08:06:59 EET 2010
On 10-03-04 23:43:25, Tony Nelson wrote:
> On 10-03-04 20:22:15, Frank Cusack wrote:
> > On 3/4/10 6:42 PM -0500 Tony Nelson wrote:
> > > Looking at the source, I see that there are no options. It
> > > tarpits a bit, but currently has no limit on the number of
> > > attempts. I'll see what I can do.
> >
> > I think it's a brilliant idea. After one login attempt, all others
> > on the same connection should fail.
>
> A fan! Anyway, there should at least be a choice. Not that I've
> coded a choice, just a dumb patch -- see attachment. It's a bit of a
> compromise, with a hard-coded limit of 4 attempts. Maybe I'll lower
> it to 2.

New patch with conf file setting "max_auth_attempts". The default is 0
and means no limit; non-zero disconnects after that many login
failures. I put it in the main area of the conf file, but IIUC it
should also work in the pop3 or imap sections and only affect that
server. It doesn't affect the tarpitting.

When using it with an IPTables "recent" module rule, set it to 1.

--
____________________________________________________________________
TonyN.:' <mailto:tonynelson at georgeanelson.com>
' <http://www.georgeanelson.com/>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dovecot-1.2-limitauth.patch
Type: text/x-patch
Size: 7989 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20100308/eafd8f04/attachment-0001.bin
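
Why a per-connection limit of 1 pairs well with a "recent" rule, as an added example that is not part of the original post or the attached patch: the firewall counts new connections, not login attempts, so every extra attempt allowed per connection multiplies what one source gets through. `RecentLimiter` is a simplified, hypothetical model of such a rule, and the 60-second window, hit count of 4 and workload are assumed values; only `max_auth_attempts` and its "0 means no limit" semantics come from the post.

```python
from collections import deque


class RecentLimiter:
    """Simplified model (an assumption, not the kernel code) of a
    "recent" rule: drop new connections from a source once `hitcount`
    of them fall within `seconds`."""

    def __init__(self, seconds, hitcount):
        self.seconds = seconds
        self.hitcount = hitcount
        self.hits = {}  # source address -> deque of connection timestamps

    def allow(self, src, now):
        q = self.hits.setdefault(src, deque())
        q.append(now)  # dropped connections are recorded too
        while q and now - q[0] >= self.seconds:
            q.popleft()  # forget hits that left the window
        return len(q) < self.hitcount


def failures_served(max_auth_attempts, tries_per_conn, conn_times, limiter,
                    src="192.0.2.10"):
    """Failed logins the server processes for one source.

    max_auth_attempts follows the post: 0 means no limit, non-zero
    disconnects after that many failures on a connection."""
    total = 0
    for t in conn_times:
        if not limiter.allow(src, t):
            continue  # connection never reaches the mail server
        if max_auth_attempts == 0:
            total += tries_per_conn
        else:
            total += min(tries_per_conn, max_auth_attempts)
    return total


def compare(settings=(0, 4, 1)):
    # Constructed workload: one source opens a connection every 5 s for
    # 60 s and makes 50 failed logins on each connection it is given.
    conn_times = range(0, 60, 5)
    return {m: failures_served(m, 50, conn_times, RecentLimiter(60, 4))
            for m in settings}


if __name__ == "__main__":
    for limit, served in compare().items():
        print(f"max_auth_attempts={limit}: {served} failed logins served")
```

With the limit at 1, the number of failed logins served equals the number of connections the firewall rule lets through, so the rule's hit count becomes the effective bound on attempts per window.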