[Dovecot] limiting number of incorrect logins per connection

Alex alex at ahhyes.net
Fri Aug 26 12:07:08 EEST 2011


 3 minutes! I think that's too long, how can I drop that down to about 
 45 seconds?


 On Fri, 26 Aug 2011 11:44:45 +0300, Timo Sirainen wrote:
> On 26.8.2011, at 10.25, Alex wrote:
>
>> Running Dovecot 2 on my server. It is regularly getting dictionary 
>> auth attacked. What I have noticed is that once connected to a 
>> pop3/imap login session, you can send endless incorrect 
>> usernames+passwords attempts. This is a problem for me... I use 
>> fail2ban to try and stop these script kiddies. The problem is that 
>> fail2ban detects the bad auths, firewalls the IP, however, since it's 
>> an "established" session, the attacker can keep authing away... It's 
>> only on a subsequent (new) connection that the firewalling will take 
>> effect.
>
> Umm. If client hasn't managed to log in in 3 minutes, it's
> disconnected (no matter what it does with the connection).



More information about the dovecot mailing list