[Dovecot] stopping dictionary attacks (pop3)

other at ahhyes.net other at ahhyes.net
Tue Sep 3 04:59:23 EEST 2013


Hi Guys,

I was really hoping a couple of years later this would be addressed... 
I'm running Dovecot 2.2.5 on FreeBSD.

Is there anyway to limit the number of auth attempts allowed in a 
single session? The reason for this is because I have "fail2ban" setup 
to firewall out any IP addresses that repeatedly auth fails. The issue 
occurs when the connection is already in an "established" state and the 
attacker uses the existing session to hammer away, fail2ban becomes 
ineffective as dovecot appears to allow the person to attempt 
authentication ad infinitum.

It would be nice if there was config option that would for example 
cause the software to close the connection after X failed attempts. I 
use "pf" as the firewall on FreeBSD.

Unless there was some command I could have fail2ban run a command that 
would destroy any tcp sessions in an established state prior to adding 
the offending IP to the block list, that would be the only way around 
the problem. Ideally it would be nice for dovecot have an option to 
control the number of failed auth attempts.

Any suggestions?

Cheers,
Alex.





More information about the dovecot mailing list