On 2013-09-02 4:12 AM, Stan Hoeppner <stan@hardwarefreak.com> wrote:
> As others have suggested this seems a log clutter issue, nothing more.

Well, it would be nice to have some way to stop brute force attacks (rather than just letting one run rampant until the attacker gives up) - i.e., attempted FAILED logins to the same user account.
Maybe a two-pronged approach...
A whitelist that whitelists IP+username for *successful* logins (maybe with a configurable age-out option) to prevent the real user from being locked out if accessing from an IP on the whitelist, and
A blacklist that when triggered (x failed login attempts in x seconds), doesn't try to block the IP, but rather prevents login attempts for that user account from even reaching the AUTH stage - *unless* the IP in question is in the whitelist.
The question is, where is this best dealt with - firewall (can fail2ban do anything like this?), or would it have to be done in Dovecot?
--
Best regards,
*/Charles/*
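
The two-pronged scheme proposed in the message above, as an added example that is not part of the original post and is not Dovecot or fail2ban code: a pre-AUTH gate that locks the account rather than the IP, with an IP+username whitelist that ages out. The class name `LoginGate`, its method names, the default thresholds and the injected clock are all hypothetical.

```python
import time
from collections import defaultdict, deque


class LoginGate:
    """Per-account lockout with an (IP, username) whitelist; names are hypothetical."""

    def __init__(self, max_failures=5, window=60, lockout=300,
                 allow_ttl=30 * 86400, clock=time.time):
        self.max_failures = max_failures    # "x failed login attempts"
        self.window = window                # "... in x seconds"
        self.lockout = lockout              # assumed: how long the account stays gated
        self.allow_ttl = allow_ttl          # age-out for whitelist entries
        self.clock = clock                  # injectable so the logic can be tested
        self.allowed = {}                   # (ip, user) -> time of last successful login
        self.failures = defaultdict(deque)  # user -> timestamps of recent failures
        self.locked_until = {}              # user -> time the gate reopens

    def _is_allowed(self, ip, user, now):
        seen = self.allowed.get((ip, user))
        if seen is None:
            return False
        if now - seen > self.allow_ttl:
            del self.allowed[(ip, user)]    # entry aged out
            return False
        return True

    def may_attempt(self, ip, user):
        """Call before AUTH; False means reject without checking the password."""
        now = self.clock()
        if self._is_allowed(ip, user, now):
            return True                     # real user on a known IP is never locked out
        return now >= self.locked_until.get(user, 0)

    def record(self, ip, user, success):
        """Call after AUTH with the outcome of the password check."""
        now = self.clock()
        if success:
            self.allowed[(ip, user)] = now  # only *successful* logins are whitelisted
            return
        recent = self.failures[user]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                # keep only failures inside the window
        if len(recent) >= self.max_failures:
            self.locked_until[user] = now + self.lockout
            recent.clear()
```

Because failures are counted per account and not per IP, an attack spread over many source addresses still trips the gate, while the owner's known IP+username pair keeps working.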