On 2011-09-23 01:39, Rick Romero wrote:
Quoting Alex other@ahhyes.net:
It [fail2ban] is a great tool. Unfortunately dovecot allows infinite incorrect logins during a single session. When fail2ban has firewalled the IP, it's pointless, as the rule only affects new sessions [...] If that is a big issue for you, you could always have fail2ban add a dummy route: For example: route add $IP gw 127.0.0.1
... or configure the fail2ban actions so they apply to any traffic from the offending IP. My iptables ruleset has this action:
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
Of course, if you have users that are proxied behind the same address, just one of them would instantly kill everybody's sessions. So I agree with Alex, it would be great to limit the number of failed login attempts per connection.
-hannes
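The two points in this thread (a per-IP ban also hits everyone who shares that address, and what is really wanted is a limit per connection) can be made concrete by running both policies over login failures from the same log. The following is an added example and not code from the thread, fail2ban or Dovecot: the log lines are constructed, shaped like Dovecot's imap-login "Disconnected (auth failed, N attempts in M secs)" message, and the function names, the threshold and the session ids are my own choices.

```python
import re
from collections import defaultdict

# Constructed sample log (values are made up); the line shape follows
# Dovecot's imap-login "auth failed" disconnect message. Two users share
# the source address 198.51.100.7, e.g. behind one NAT or proxy.
SAMPLE_LOG = """\
imap-login: Disconnected (auth failed, 1 attempts in 4 secs): user=<alice>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, session=<s1>
imap-login: Disconnected (auth failed, 5 attempts in 12 secs): user=<bob>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, session=<s2>
imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<carol>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.1, session=<s3>
imap-login: Login: user=<dave>, method=PLAIN, rip=203.0.113.10, lip=192.0.2.1, session=<s4>
"""

LINE_RE = re.compile(
    r"imap-login: Disconnected \(auth failed, (?P<attempts>\d+) attempts? in \d+ secs\): "
    r"user=<(?P<user>[^>]*)>, method=\S+, rip=(?P<rip>[\d.]+), lip=[\d.]+, "
    r"session=<(?P<session>[^>]*)>"
)


def parse_auth_failures(log_text):
    """Return one record per 'auth failed' disconnect line; other lines are ignored."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            records.append({
                "user": m.group("user"),
                "rip": m.group("rip"),
                "session": m.group("session"),
                "attempts": int(m.group("attempts")),
            })
    return records


def failures_by_ip(records):
    """Total failed attempts per remote IP, which is all a per-IP tool can see."""
    totals = defaultdict(int)
    for r in records:
        totals[r["rip"]] += r["attempts"]
    return dict(totals)


def ban_ips(records, maxretry=3):
    """fail2ban-style decision: ban every remote IP whose failures reach maxretry."""
    return {ip for ip, n in failures_by_ip(records).items() if n >= maxretry}


def flag_sessions(records, maxretry=3):
    """Per-connection decision: only the session that itself reached maxretry."""
    return {r["session"] for r in records if r["attempts"] >= maxretry}


def collateral_users(records, maxretry=3):
    """Users behind a banned address whose own session stayed under the limit.

    With a DROP rule on all traffic from the IP (the actionban above), these
    users lose their connections too; a per-connection limit would not touch them.
    """
    banned = ban_ips(records, maxretry)
    flagged = flag_sessions(records, maxretry)
    return sorted({r["user"] for r in records
                   if r["rip"] in banned and r["session"] not in flagged})


if __name__ == "__main__":
    recs = parse_auth_failures(SAMPLE_LOG)
    print("failures per IP:", failures_by_ip(recs))
    print("per-IP ban would drop:", ban_ips(recs))
    print("per-session limit would flag:", flag_sessions(recs))
    print("collateral users on a per-IP ban:", collateral_users(recs))
```

With the sample above the per-IP policy bans 198.51.100.7 because bob's five attempts push the address over the threshold, and alice, who failed once, is cut off with him; the per-session policy flags only bob's session. Real Dovecot logs carry timestamps and process ids in front of the part matched here, so the regex uses `search` rather than `match`.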