Hello,
is it possible to limit the number of pop3 (or imap) login attempts
from one IP with dovecot to stop attackers? We recently had an attack
from one IP-address lasting 50 minutes that tried 50000 pop3-logins
with guessed users and passwords. I know about Fail2Ban but really
would prefer an easy to configure solution inside of dovecot. Dovecot
has this anvil daemon, can it be used for that purpose?
We use dovcot version 2.0.12 under Solaris 10, the pop3-login part of
the configuration looking like that:
service pop3-login { chroot = login client_limit = 0 drop_priv_before_exec = no executable = pop3-login extra_groups = group = idle_kill = 0 inet_listener pop3 { address = port = 110 ssl = no } inet_listener pop3s { address = port = 995 ssl = yes } privileged_group = process_limit = 0 process_min_avail = 0 protocol = pop3 service_count = 1 type = login user = $default_login_user vsz_limit = 64 M }
Thanks, Jürgen
-- Hochschulrechenzentrum der | Mail: Juergen.Obermann@hrz.uni-giessen.de Justus-Liebig-Universitaet | WWW: http://www.uni-giessen.de/obermann/ Heinrich-Buff-Ring 44 | Tel: 0641-99-13054 (0641-99-13001) D-35392 Giessen, Germany | Fax: 0641-99-13009