24 Dec
2007
24 Dec
'07
12:33 a.m.
Anyway, today I had 8000 login attempts to my dovecot server in an hour before blocking the IP with my firewall.
After googling, I didn't see very much discussion on the topic. There was some mention of blocksshd which was supposed to support dovecot in the next release (but doesn't appear to) and also fail2ban. While a script that parses logfiles will work, I'm not sure that this is the best way to go about handling repeated authentication failure.
Cursory scan in the FreeBSD ports tree:
bruteblock for ipfw bruteforceblocker for pf
mostly aimed at ssh or ftp brute force blocking ...
-bryan bradsby
DIR Capnet Texas State Government Net NOC: 512-475-2432 877-472-4848