[Dovecot] limiting number of login attempts from same ip

Robert Schetterer robert at schetterer.org
Fri Jun 10 12:26:44 EEST 2011


On 10.06.2011 11:22, Jürgen Obermann wrote:
> Hello,
> 
> is it possible to limit the number of pop3 (or imap) login attempts from
> one IP with dovecot to stop attackers? We recently had an attack from
> one IP-address lasting 50 minutes that tried 50000 pop3-logins with
> guessed users and passwords. I know about Fail2Ban but really would
> prefer an easy to configure solution inside of dovecot. Dovecot has this
> anvil daemon, can it be used for that purpose?
> 
> We use dovecot version 2.0.12 under Solaris 10, the pop3-login part of
> the configuration looking like that:
> 
> service pop3-login {
>   chroot = login
>   client_limit = 0
>   drop_priv_before_exec = no
>   executable = pop3-login
>   extra_groups =
>   group =
>   idle_kill = 0
>   inet_listener pop3 {
>     address =
>     port = 110
>     ssl = no
>   }
>   inet_listener pop3s {
>     address =
>     port = 995
>     ssl = yes
>   }
>   privileged_group =
>   process_limit = 0
>   process_min_avail = 0
>   protocol = pop3
>   service_count = 1
>   type = login
>   user = $default_login_user
>   vsz_limit = 64 M
> }
> 
> Thanks, Jürgen
> 

look
http://wiki2.dovecot.org/HowTo/Fail2Ban

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
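
The per-IP counting that a log-based tool such as Fail2Ban applies to the attack described in the question, as an added example that is not part of either message and is not Dovecot or Fail2Ban code. The log line layout, the thresholds, the name find_offenders and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed layout of a syslog-style Dovecot login failure line; adjust to your logs.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ dovecot: (?:pop3|imap)-login: "
    r"(?:Disconnected|Aborted login) \(auth failed, (?P<n>\d+) attempts[^)]*\):"
    r".*?\brip=(?P<rip>[0-9A-Fa-f.:]+)"
)

# Constructed sample lines (documentation addresses), not taken from a real log.
SAMPLE_LOG = """\
Jun 10 09:40:00 mail dovecot: pop3-login: Disconnected (auth failed, 3 attempts): user=<alice>, method=PLAIN, rip=198.51.100.7, lip=203.0.113.1
Jun 10 09:55:00 mail dovecot: pop3-login: Disconnected (auth failed, 3 attempts): user=<alice>, method=PLAIN, rip=198.51.100.7, lip=203.0.113.1
Jun 10 10:00:01 mail dovecot: pop3-login: Aborted login (auth failed, 3 attempts): user=<root>, method=PLAIN, rip=192.0.2.10, lip=203.0.113.1
Jun 10 10:00:05 mail dovecot: pop3-login: Disconnected (auth failed, 3 attempts): user=<admin>, method=PLAIN, rip=192.0.2.10, lip=203.0.113.1
Jun 10 10:00:09 mail dovecot: pop3-login: Login: user=<bob>, method=PLAIN, rip=203.0.113.9, lip=203.0.113.1
"""


def find_offenders(lines, max_failures=5, window=timedelta(minutes=10), year=2011):
    """Return {remote_ip: time the IP first reached max_failures within window}.

    Lines must be in chronological order. Syslog timestamps carry no year,
    so the caller supplies one.
    """
    recent = defaultdict(deque)  # rip -> (timestamp, attempts) still inside window
    totals = defaultdict(int)    # rip -> failed attempts currently inside window
    offenders = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        rip, attempts = m["rip"], int(m["n"])
        events = recent[rip]
        events.append((ts, attempts))
        totals[rip] += attempts
        # Evict events that have aged out of the sliding window.
        while events[0][0] < ts - window:
            totals[rip] -= events.popleft()[1]
        if totals[rip] >= max_failures:
            offenders.setdefault(rip, ts)  # keep the first crossing only
    return offenders


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} reached the failure limit at {when}")
```

The attempt count inside each line is summed rather than counting lines, because one disconnect line can cover several failed logins on the same connection.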

