[Dovecot] limiting number of login attempts from same ip
Robert Schetterer
robert at schetterer.org
Fri Jun 10 12:26:44 EEST 2011
On 10.06.2011 11:22, Jürgen Obermann wrote:
> Hello,
>
> is it possible to limit the number of pop3 (or imap) login attempts from
> one IP with dovecot to stop attackers? We recently had an attack from
> one IP-address lasting 50 minutes that tried 50000 pop3-logins with
> guessed users and passwords. I know about Fail2Ban but really would
> prefer an easy to configure solution inside of dovecot. Dovecot has this
> anvil daemon, can it be used for that purpose?
>
> We use dovecot version 2.0.12 under Solaris 10, the pop3-login part of
> the configuration looking like that:
>
> service pop3-login {
>   chroot = login
>   client_limit = 0
>   drop_priv_before_exec = no
>   executable = pop3-login
>   extra_groups =
>   group =
>   idle_kill = 0
>   inet_listener pop3 {
>     address =
>     port = 110
>     ssl = no
>   }
>   inet_listener pop3s {
>     address =
>     port = 995
>     ssl = yes
>   }
>   privileged_group =
>   process_limit = 0
>   process_min_avail = 0
>   protocol = pop3
>   service_count = 1
>   type = login
>   user = $default_login_user
>   vsz_limit = 64 M
> }
>
> Thanks, Jürgen
>
look
http://wiki2.dovecot.org/HowTo/Fail2Ban
--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
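
Added example (not part of the original messages, and not Dovecot or Fail2Ban code): the log-scanning approach that Fail2Ban takes, reduced to its core, counting failed logins per remote IP in a sliding window and reporting IPs that cross a threshold. The log line shape, the sample lines, the function name and the thresholds are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed syslog shape of a Dovecot 2.x login failure line; adjust to your log format.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: (?:pop3|imap)-login: "
    r".*\(auth failed(?:, (?P<n>\d+) attempts)?.*?\brip=(?P<rip>[0-9A-Fa-f.:]+)"
)

def find_offenders(lines, max_fails=5, window=timedelta(minutes=10), year=2011):
    """Return {ip: time the limit was first exceeded} for remote IPs with more
    than max_fails failed attempts inside any sliding window."""
    recent = defaultdict(deque)  # ip -> (timestamp, attempts) still inside the window
    offenders = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["rip"]]
        q.append((ts, int(m["n"] or 1)))  # one line may report several attempts
        while ts - q[0][0] > window:
            q.popleft()  # expire entries older than the window
        if sum(n for _, n in q) > max_fails:
            offenders.setdefault(m["rip"], ts)
    return offenders

# Constructed sample log: one fast guesser, one user with a typo, one slow source.
SAMPLE_LOG = """\
Jun 10 10:00:03 mail dovecot: pop3-login: Aborted login (auth failed, 3 attempts): user=<admin>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10
Jun 10 10:00:11 mail dovecot: pop3-login: Aborted login (auth failed, 3 attempts): user=<info>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10
Jun 10 10:01:40 mail dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=<jo>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.10
Jun 10 10:01:55 mail dovecot: imap-login: Login: user=<jo>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.10
Jun 10 10:02:00 mail dovecot: pop3-login: Aborted login (auth failed, 3 attempts): user=<bob>, method=PLAIN, rip=198.51.100.99, lip=192.0.2.10
Jun 10 10:30:00 mail dovecot: pop3-login: Aborted login (auth failed, 3 attempts): user=<bob>, method=PLAIN, rip=198.51.100.99, lip=192.0.2.10
""".splitlines()

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} exceeded the limit at {when}")
```

The returned IPs are what a ban action (a firewall rule, as Fail2Ban applies) would act on; the window and threshold trade detection of slow guessing against locking out users who mistype a password.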