On Thu, 2009-06-25 at 15:46 -0400, Timo Sirainen wrote:
You can also just decrease login_process_max_count. If Dovecot reaches the limit, it'll just start killing off old connections that haven't logged in.
What would be nice is an anti-brute-force option, like xinetd: X number of connections from Y IP in Z seconds (optional setting, of course), or maybe a way to extend that to detect if the same IP is retrying constantly using different usernames on every new connection within X seconds. Come to think of it, that way would be much cooler :)
Jun 21 23:06:04 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<warren>, method=PLAIN, rip=68.14.228.186, lip=10.10.11.2
Jun 21 23:06:04 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<williams>, method=PLAIN, rip=68.14.228.186, lip=10.10.11.2
Jun 21 23:06:04 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<www>, method=PLAIN, rip=68.14.228.186, lip=10.10.11.2
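
The check described in the message above (same IP failing with different usernames inside a short window), sketched as a log scan. This is an added example, not part of the original thread and not Dovecot code; the function name, the thresholds, the year 2009 (taken from the mail date, since syslog omits it) and the 192.0.2.10 lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the Dovecot failed-login format quoted in the message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: \S+-login: "
    r"Aborted login \(auth failed.*?\): user=<(?P<user>[^>]*)>, "
    r".*?rip=(?P<rip>[^,\s]+)"
)

def find_username_spraying(lines, window_s=10, min_users=3, year=2009):
    """Return {rip: sorted usernames} for every remote IP that failed auth
    with at least min_users distinct usernames within window_s seconds.
    Assumes the lines are in chronological order, as in a syslog file."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # rip -> (time, user) pairs still in window
    flagged = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # not a failed-login line
        t = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["rip"]]
        q.append((t, m["user"]))
        while t - q[0][0] > window:   # drop attempts older than the window
            q.popleft()
        users = {u for _, u in q}
        if len(users) >= min_users:
            flagged[m["rip"]] |= users
    return {ip: sorted(users) for ip, users in flagged.items()}

PREFIX = "mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): "
SAMPLE = [
    # The three lines quoted in the message.
    f"Jun 21 23:06:04 {PREFIX}user=<warren>, method=PLAIN, rip=68.14.228.186, lip=10.10.11.2",
    f"Jun 21 23:06:04 {PREFIX}user=<williams>, method=PLAIN, rip=68.14.228.186, lip=10.10.11.2",
    f"Jun 21 23:06:04 {PREFIX}user=<www>, method=PLAIN, rip=68.14.228.186, lip=10.10.11.2",
    # Constructed lines: one user mistyping a password twice, not spraying.
    f"Jun 21 23:06:09 {PREFIX}user=<alice>, method=PLAIN, rip=192.0.2.10, lip=10.10.11.2",
    f"Jun 21 23:07:30 {PREFIX}user=<alice>, method=PLAIN, rip=192.0.2.10, lip=10.10.11.2",
]

if __name__ == "__main__":
    for ip, users in find_username_spraying(SAMPLE).items():
        print(f"{ip}: {len(users)} usernames tried: {', '.join(users)}")
```

Counting distinct usernames rather than raw failures keeps a single user who mistypes a password from being flagged alongside a dictionary run.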