29 Aug
2006
29 Aug
'06
10:23 a.m.
On Fri, Aug 25, 2006 at 04:23:32PM +0200, Amon Ott wrote:
On one of our servers, we experience regular tries to brute force logins, probably based on harvested mail addresses. Now I wonder if dovecot has or could in future have some mechanism to blacklist remote IP addresses after a configurable number of failures to login to any account.
Countless perl scripts exist which parse sshd login logs for login attacks and insert dynamic firewall rules to temporarily blacklist them. Those could easily be adapted to pop3/imap login logs.
Geert