Hello Mark (and others),
On 16-07-13 05:00, Mark Sapiro wrote:
On 07/15/2013 09:09 AM, Paul van der Vlis wrote:
Are you blocked when you login a few times with a wrong password?
I expect your log will say something like "auth failed, 22 attempts in 30 secs", and fail2ban will see that as 1 authentications error, so will not block you.
I am blocked. The log says
Jul 15 19:36:06 sbh16 dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<mark>, method=APOP, rip=98.248.186.228, lip=72.52.113.16, TLS, session=
Jul 15 19:36:16 sbh16 dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 6 secs): user=<mark>, method=APOP, rip=98.248.186.228, lip=72.52.113.16, TLS, session=
Jul 15 19:36:29 sbh16 dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 10 secs): user=<mark>, method=APOP, rip=98.248.186.228, lip=72.52.113.16, TLS, session=
Jul 15 19:36:49 sbh16 dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 17 secs): user=<mark>, method=APOP, rip=98.248.186.228, lip=72.52.113.16, TLS, session=
Jul 15 19:37:09 sbh16 dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 17 secs): user=<mark>, method=APOP, rip=98.248.186.228, lip=72.52.113.16, TLS, session=
The difference may be that I am connecting to pop3s, port 995 with SSL, not port 110 with STARTTLS.
What wonders me is that every attempt is logged. With me the attemps are counted together. I think it's not very important which port or protocol is used.
With regards, Paul van der Vlis.
-- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl/