Force TCP socket disconnect on imap login failure?
Daryl Richards
daryl at isletech.net
Wed May 25 16:15:42 UTC 2022
On 2022-05-25 11:44 a.m., dovecot at ptld.com wrote:
> On 05-25-2022 11:28 am, Hippo Man wrote:
>> In my case, that is not occurring. After issuing the iptables DROP command, the client can continue to send more and more login attempts.
>> Only when the client disconnects does the block of the socket seem to work for that IP address. I continue to see numerous instances of this behavior.
>
>
> Having this rule
>
> -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
>
> before the drop would have that behavior
Or, in your fail2ban (or other script) that adds the IP to be blocked,
also call 'conntrack -D ${ip}' which will clear the current state from
the firewall, requiring them to reconnect. This will then hit the DROP rule.
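Putting the two suggestions together, as an added example that is not part of this reply or the thread: a POSIX shell ban routine that inserts the DROP rule at the top of INPUT, ahead of any RELATED,ESTABLISHED ACCEPT rule, and then deletes the address's conntrack entries so an already open IMAP session hits the DROP on its next packet. The IMAP ports 143/993, the DRY_RUN switch and the function names are assumptions made here, not anything from the thread.

```shell
#!/bin/sh
# Added example (not from the dovecot thread). Requires root, iptables and
# conntrack-tools to actually apply; DRY_RUN=1 prints the commands instead.

# run: execute a command, or print it when DRY_RUN=1
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# valid_ipv4: return 0 if $1 is a dotted-quad IPv4 address, 1 otherwise
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ban_ip: block IMAP/IMAPS from $1 and tear down its existing connections.
# "-I INPUT 1" matters: an appended (-A) DROP would sit *after* the usual
# "--state RELATED,ESTABLISHED -j ACCEPT" rule, so the client's open
# socket would keep being accepted until it disconnects on its own.
# Deleting the conntrack entries removes that ESTABLISHED state, so the
# next packet is evaluated as a new flow and reaches the DROP rule.
ban_ip() {
    ip=$1
    valid_ipv4 "$ip" || { echo "ban_ip: invalid IPv4 address: $ip" >&2; return 1; }
    run iptables -I INPUT 1 -s "$ip" -p tcp --dport 143 -j DROP
    run iptables -I INPUT 1 -s "$ip" -p tcp --dport 993 -j DROP
    # clear state where the IP is the original source (inbound client)
    # and, for completeness, where it is the original destination
    run conntrack -D -s "$ip" || true
    run conntrack -D -d "$ip" || true
}
```

The same two lines (the iptables insert followed by `conntrack -D -s <ip>`) are what a fail2ban actionban entry would carry, so the reconnect is forced at ban time rather than waiting for the client to hang up.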
More information about the dovecot mailing list