On Thu, 2009-06-04 at 18:58 +0200, henry ritzlmayr wrote:
On Thursday, 04.06.2009, 18:27 +0200, Steve wrote:
The idea is good, but I guess an option to just disconnect the attacker wouldn't hurt in the config file?
Is that not the wrong approach? I mean: all you wanted is to have a log entry showing when there was a username/password mismatch when logging in. And you found out that with normal logging options that log entry only shows up if the connection gets disconnected. Right? So would it not be better to have an option to log ANY username/password login mismatch even if the user/attacker does not disconnect?
Right, logging a wrong username/password should always be done. That's one reason why I favor a disconnect. Almost any service logs a disconnect - so does dovecot.
Also, I think not disconnecting is only supportive to those who want to run scripts as such and perform brute-force attacks or hacks; I can see no reason why, if you fail as user unknown, you should not be dropped.
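The thread's practical point is that the failed-login entry is only written when the session is disconnected, and that a disconnect also makes repeated failures from one source easy to count. The following script is an added example, not code from the thread or from Dovecot itself; it assumes the typical Dovecot login-process log format for a disconnected failed attempt (`imap-login: Disconnected (auth failed, N attempts in S secs): user=<...>, ..., rip=...`) and sums the reported attempts per remote IP over a few constructed sample lines. The log lines, IP addresses and the threshold value are constructed for illustration.

```python
import re
from collections import Counter

# Assumed (not quoted in the thread) Dovecot login-process log line for a
# failed attempt that ended in a disconnect. Only these lines exist when the
# client is dropped, which is the behaviour discussed above.
AUTH_FAIL_RE = re.compile(
    r"(?P<service>imap|pop3)-login: (?:Disconnected|Aborted login) "
    r"\(auth failed, (?P<attempts>\d+) attempts?.*?\): "
    r"user=<(?P<user>[^>]*)>.*?rip=(?P<rip>[\d.]+)"
)

# Constructed sample log lines (documentation addresses, not real hosts).
SAMPLE_LOG = [
    "Jun  4 18:27:01 mail dovecot: imap-login: Disconnected (auth failed, 3 attempts in 10 secs): "
    "user=<alice>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.5",
    "Jun  4 18:27:05 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): "
    "user=<bob>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.5",
    "Jun  4 18:27:09 mail dovecot: imap-login: Login: user=<carol>, method=PLAIN, "
    "rip=203.0.113.7, lip=198.51.100.5",
    "Jun  4 18:28:00 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 1 secs): "
    "user=<root>, method=PLAIN, rip=203.0.113.7, lip=198.51.100.5",
    "Jun  4 18:28:30 mail dovecot: imap-login: Disconnected (auth failed, 2 attempts in 4 secs): "
    "user=<admin>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.5",
]


def failed_attempts_per_ip(lines):
    """Sum the 'N attempts' figure of every disconnected-failure line per remote IP.

    Successful logins and unrelated lines do not match and are ignored.
    """
    counts = Counter()
    for line in lines:
        m = AUTH_FAIL_RE.search(line)
        if m:
            counts[m.group("rip")] += int(m.group("attempts"))
    return counts


def ips_over_threshold(lines, threshold=5):
    """Return the sorted list of remote IPs whose summed failures reach the threshold."""
    return sorted(ip for ip, n in failed_attempts_per_ip(lines).items() if n >= threshold)


if __name__ == "__main__":
    for ip, n in failed_attempts_per_ip(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} failed attempts")
    print("over threshold:", ips_over_threshold(SAMPLE_LOG))
```

Because a session that fails without disconnecting never produces such a line, a counter like this only sees attempts once the server drops the client; that is the gap the option discussed in the thread would close.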