Am 10.06.2011 11:22, schrieb Jürgen Obermann:
Hello,
is it possible to limit the number of pop3 (or imap) login attempts from one IP with dovecot to stop attackers? We recently had an attack from one IP-address lasting 50 minutes that tried 50000 pop3-logins with guessed users and passwords. I know about Fail2Ban but really would prefer an easy to configure solution inside of dovecot. Dovecot has this anvil daemon, can it be used for that purpose?
We use dovcot version 2.0.12 under Solaris 10, the pop3-login part of the configuration looking like that:
service pop3-login { chroot = login client_limit = 0 drop_priv_before_exec = no executable = pop3-login extra_groups = group = idle_kill = 0 inet_listener pop3 { address = port = 110 ssl = no } inet_listener pop3s { address = port = 995 ssl = yes } privileged_group = process_limit = 0 process_min_avail = 0 protocol = pop3 service_count = 1 type = login user = $default_login_user vsz_limit = 64 M }
Thanks, Jürgen
look http://wiki2.dovecot.org/HowTo/Fail2Ban
-- Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria