In my log files I occasionally get a huge number of Dovecot authentication failures (see clip below).
I wanted to know if there's a way to limit the number of times an IP address can attempt to authenticate, if there's a way to have a timeout between attempted authentications, or if there is a way to limit authentication attempts by a specific username within a certain period of time.
My current solution is to permanently block the specific IP, an IP range, or an entire country from accessing my server AFTER I notice the huge number of authentication failures. This is too ad-hoc a process, and I was hoping Dovecot has something more proactive built in.
Thank you in advance for spending time considering this inquiry,
Eric
--------------------- pam_unix Begin ------------------------
dovecot:
Authentication Failures:
rhost=::ffff:200.111.39.219 : 764 Time(s)
root: 25 Time(s)
mysql: 6 Time(s)
smmsp: 6 Time(s)
--SNIP--
Unknown Entries:
check pass; user unknown: 764 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Connections (secure-log) Begin
**Unmatched Entries**
dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user info
dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user info
dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user info
dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user info
--SNIP--
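
The per-IP and per-username limits asked about above can be checked outside Dovecot with a sliding-window count over the raw authentication-failure lines. The sketch below is an added example, not part of the original post and not a Dovecot feature; the raw syslog line layout, the thresholds, the function names and the sample addresses are assumptions, since the post shows only the Logwatch summary.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed raw line layout behind the Logwatch summary (syslog has no year field).
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ dovecot-auth: pam_unix\(dovecot:auth\): "
    r"authentication failure;.*?ruser=(\S*) rhost=(\S+)")

def find_offenders(lines, limit=5, window=timedelta(minutes=10), year=2024):
    """Return (ips, users) that reach `limit` failures inside one `window`.

    Lines are expected in chronological order, as in a log file.
    """
    recent = defaultdict(deque)          # (kind, value) -> timestamps still in window
    flagged = {"ip": set(), "user": set()}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                     # ignore unrelated log entries
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(3).removeprefix("::ffff:")   # IPv4-mapped form, as in the clip
        for kind, value in (("ip", ip), ("user", m.group(2))):
            if not value:
                continue
            q = recent[(kind, value)]
            q.append(when)
            while when - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= limit:
                flagged[kind].add(value)
    return flagged["ip"], flagged["user"]

def sample_lines():
    """Constructed input: a burst from one host, a slow retry, a spread guess at root."""
    fmt = ("Mar  3 04:{:02d}:{:02d} mail dovecot-auth: pam_unix(dovecot:auth): "
           "authentication failure; logname= uid=0 euid=0 tty=dovecot "
           "ruser={} rhost=::ffff:{}")
    names = ["root", "mysql", "smmsp", "info", "admin", "test"]
    burst = [fmt.format(10, s, u, "203.0.113.7") for s, u in enumerate(names)]
    slow = [fmt.format(m, 0, "eric", "198.51.100.9") for m in (0, 20, 40)]
    spread = [fmt.format(30, s, "root", f"192.0.2.{s + 1}") for s in range(5)]
    return sorted(burst + slow + spread)

if __name__ == "__main__":
    print(find_offenders(sample_lines()))
```

The returned sets are candidates for a temporary firewall block or an alert; the slow retry from a single host stays below the limit and is not flagged.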