On Wed, Mar 03, 2010 at 03:39:28PM -0500, Tony Nelson wrote:
> Dovecot allows a large number of login attempts per connection. I'd like to reduce that number to, say, 1, and let my firewall keep the ducks at bay,
If the firewall is the one to do the job, I'd recommend an external application like fail2ban. It watches the logs and bans IP addresses with too many failures -- the nice thing is that it's able to cover all applications listening on external ports. You can define patterns in log files to which it has to react (but it comes with a good set of pre-defined patterns -- at least on popular GNU/Linux distros).
> but I can't find anything in /etc/dovecot.conf or by
> googling. How do I do it? Do I need to patch the source?
I don't know about such a setting (but I don't know everything about Dovecot either!). Anyway, then it'd still be the Dovecot process dealing with the rogue login attempts -- it seems better to keep them at the firewall level with the approach above.
Regards
-- tomás
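
The log-watching approach recommended in the reply, as an added example (not part of the original message and not fail2ban's own code): count failed Dovecot logins per source address inside a sliding window and report which addresses would be handed to the firewall. The log layout, the function `find_bans` and the sample lines are assumptions of this sketch; `maxretry` and `findtime` borrow the names of fail2ban's settings.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines. The "(auth failed, N attempts) ... rip=" layout is an
# assumed Dovecot login-log format; adjust FAIL_RE to match your own logs.
SAMPLE_LOG = """\
Mar  3 15:00:00 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<carol>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10
Mar  3 15:39:01 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<alice>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10
Mar  3 15:39:04 mail dovecot: pop3-login: Login: user=<bob>, method=PLAIN, rip=198.51.100.4, lip=192.0.2.10
Mar  3 15:40:10 mail dovecot: imap-login: Disconnected (auth failed, 2 attempts): user=<admin>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10
Mar  3 15:41:00 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<carol>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10
Mar  3 15:55:00 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<carol>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10
"""

FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: (?:imap|pop3)-login: "
    r".*\(auth failed, (?P<n>\d+) attempts\).*\brip=(?P<ip>[0-9a-fA-F.:]+)"
)

def find_bans(lines, maxretry=3, findtime=timedelta(minutes=10), year=2010):
    """Return [(ip, time_of_ban)] for hosts reaching maxretry failures within findtime."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    banned = {}                  # ip -> time the threshold was reached
    for line in lines:
        m = FAIL_RE.match(line)
        if not m or m["ip"] in banned:
            continue  # successful login, unrelated line, or host already banned
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        # One connection can carry several attempts, so count what the line reports.
        window.extend([ts] * int(m["n"]))
        while window and ts - window[0] > findtime:
            window.popleft()  # forget failures older than findtime
        if len(window) >= maxretry:
            banned[m["ip"]] = ts
    return sorted(banned.items(), key=lambda kv: kv[1])

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG.splitlines()):
        print(f"{when:%H:%M:%S} ban {ip}")
```

With the defaults only 203.0.113.7 is reported; the three failures from 198.51.100.23 are spread over 55 minutes and never share a 10-minute window.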