On 10-03-04 00:51:40, tomas@tuxteam.de wrote:
On Wed, Mar 03, 2010 at 03:39:28PM -0500, Tony Nelson wrote:
Dovecot allows a large number of login attempts per connection.
I'd like to reduce that number to, say, 1, and let my firewall keep the ducks at bay,
If the firewall is the one to do the job, I'd recommend an external application like fail2ban. It watches the logs and bans IP addresses with too many failures -- the nice thing is that it's able to cover all applications listening on external ports. You can define patterns in log files to which it has to react (but it comes with a good set of pre-defined patterns -- at least on popular GNU/Linux distros).
I already have something that works with any program secure enough not to allow unlimited login attempts. Using fail2ban might work if I configure it enough to sever existing connections.
but I can't find anything in /etc/dovecot.conf or by
googling. How do I do it? Do I need to patch the source?
I don't know about such a setting (but I don't know everything about Dovecot either!). Anyway, then it'd still be the Dovecot process dealing with the rogue login attempts -- it seems better to keep them at the firewall level with the approach above.
Yes, and I'm going to use the firewall -- once I can get Dovecot to limit the number of login attempts per connection.
Looking at the source, I see that there are no options. It tarpits a bit, but currently has no limit on the number of attempts. I'll see what I can do.
--
TonyN.:' <mailto:tonynelson@georgeanelson.com> ' <http://www.georgeanelson.com/>
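
Added example, not part of the original messages: a small model of the log-watching approach discussed above, showing why a ban that only blocks new connections still lets failures through on a connection that is already open. The log format, `analyse`, `maxretry` and `findtime` here are assumptions for illustration, not Dovecot output or fail2ban code.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in a made-up format (not real Dovecot log output).
SAMPLE_LOG = """\
2010-03-03 20:00:01 auth-fail conn=7 rip=192.0.2.10
2010-03-03 20:00:02 auth-fail conn=8 rip=198.51.100.5
2010-03-03 20:00:03 auth-fail conn=7 rip=192.0.2.10
2010-03-03 20:00:05 auth-fail conn=7 rip=192.0.2.10
2010-03-03 20:00:07 auth-fail conn=7 rip=192.0.2.10
2010-03-03 20:00:09 auth-fail conn=7 rip=192.0.2.10
2010-03-03 20:05:00 auth-fail conn=9 rip=198.51.100.5
"""
LINE = re.compile(r"^(\S+ \S+) auth-fail conn=(\d+) rip=(\S+)$")


def analyse(log, maxretry=3, findtime=60):
    """Return (banned, leaked).

    banned: ip -> time the ban decision was made (maxretry failures
            inside a sliding window of findtime seconds).
    leaked: ip -> failures logged after the ban on a connection that was
            already open, i.e. attempts a new-connection block does not stop.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    first_seen = {}               # conn id -> first time it appeared in the log
    banned, leaked = {}, defaultdict(int)
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue              # ignore lines that are not auth failures
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        conn, ip = int(m.group(2)), m.group(3)
        first_seen.setdefault(conn, ts)
        if ip in banned:
            # Connection predates the ban, so the server keeps serving it.
            if first_seen[conn] <= banned[ip]:
                leaked[ip] += 1
            continue
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # drop failures older than the window
        if len(window) >= maxretry:
            banned[ip] = ts
    return banned, dict(leaked)


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

With a per-connection attempt limit in the server, the leaked count is bounded by that limit; without one, it is bounded only by how long the connection stays open.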