Hi folks,
first of all thanks for Dovecot, I appreciate it a lot.
On one of our servers, we experience regular tries to brute force logins, probably based on harvested mail addresses. Now I wonder if Dovecot has or could in future have some mechanism to blacklist remote IP addresses after a configurable number of failures to log in to any account.
Blacklisted IPs could simply be disconnected without giving them a chance to do anything. After e.g. one day or one hour of no further connection, the blacklist entry could be dropped.
As a bonus, it would be great to have a way to close the POP3/IMAP firewall ports to these IPs to avoid Dovecot seeing the connection at all. A kind of blacklist status file on disk would be enough, from which some cron job could fill a firewall chain.
If necessary, I would try to add this functionality myself.
Amon.
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
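
The mechanism requested above, sketched as an added example that is not part of the original post and is not Dovecot code: failed logins are counted per remote IP across all accounts, an entry expires after a period with no further connection, and the result is written to a status file a cron job could read. The log line shape, the function names and the default threshold and expiry are assumptions made for this example.

```python
import ipaddress, os, re, tempfile
from datetime import datetime, timedelta

# Assumed line shape, constructed for this example (not a format given in the post):
#   <ISO timestamp> <service>-login: <event text>: user=<name>, rip=<remote IP>
LINE = re.compile(r"^(\S+) \S+-login: (.+): user=<[^>]*>, rip=(\S+)$")

def build_blacklist(lines, max_failures=3, expiry=timedelta(hours=1), now=None):
    """Return {ip: last connection time} for IPs that are blacklisted at `now`."""
    failures, last_seen = {}, {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        try:
            ts = datetime.fromisoformat(m.group(1))
            ip = str(ipaddress.ip_address(m.group(3)))  # reject anything that is not an IP
        except ValueError:
            continue
        # Drop the old entry if this IP had been silent for longer than `expiry`.
        if ip in last_seen and ts - last_seen[ip] > expiry:
            failures.pop(ip, None)
        last_seen[ip] = ts
        # Failures are counted per IP across all accounts; success does not reset them.
        if "auth failed" in m.group(2):
            failures[ip] = failures.get(ip, 0) + 1
    if now is None:
        now = max(last_seen.values(), default=datetime.min)
    return {ip: last_seen[ip] for ip, n in failures.items()
            if n >= max_failures and now - last_seen[ip] <= expiry}

def write_status_file(blacklist, path):
    """Write one IP per line, atomically, so a cron job never reads a partial file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as f:
        f.writelines(ip + "\n" for ip in sorted(blacklist))
    os.replace(tmp, path)

# Constructed sample log lines (documentation address ranges).
SAMPLE = """\
2024-01-01T10:00:00 pop3-login: Aborted login (auth failed): user=<alice>, rip=192.0.2.10
2024-01-01T10:00:05 pop3-login: Aborted login (auth failed): user=<bob>, rip=192.0.2.10
2024-01-01T10:00:09 imap-login: Aborted login (auth failed): user=<carol>, rip=192.0.2.10
2024-01-01T10:01:00 imap-login: Aborted login (auth failed): user=<dave>, rip=198.51.100.7
2024-01-01T10:02:00 imap-login: Login: user=<dave>, rip=198.51.100.7
""".splitlines()

if __name__ == "__main__":
    print(sorted(build_blacklist(SAMPLE)))
```

Validating the address with `ipaddress` before it reaches the status file matters because that file is meant to feed firewall rules, and the value originates in log text.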