[Dovecot] set delay between pop3-logins
I'm using dovecot 1.1.8 on a raq4 server running centos 4.8. Is it possible to set a time delay between all dovecot pop3-logins? Say 20 - 30 seconds for example? My reason is I want to thwart the constant login attempts from hackers hunting for an open relay. It's no good blocking the ip address because every hack attempt comes in from a different address. I'm the only user on the server so no-one else would be affected by such a delay. Thanks for any pointers.
-- View this message in context: http://old.nabble.com/set-delay-between-pop3-logins-tp32134037p32134037.html Sent from the Dovecot mailing list archive at Nabble.com.
On 25/07/11 20:05, tonjg wrote:
> I'm using dovecot 1.1.8 on a raq4 server running centos 4.8. Is it possible to set a time delay between all dovecot pop3-logins? Say 20 - 30 seconds for example? My reason is I want to thwart the constant login attempts from hackers hunting for an open relay. It's no good blocking the ip address because every hack attempt comes in from a different address. I'm the only user on the server so no-one else would be affected by such a delay. Thanks for any pointers.
Hi,
dovecot 2.x has an automatic backoff system (see auth_failure_delay config option).
When you're not interested in upgrading, an external tool like fail2ban can block the ip addresses for you automatically. And if you are the only user, you could also just open up your firewall for your personal ip addresses, and block access for the rest of the world.
-- Regards, Tom
Tom Hendrikx wrote:
> dovecot 2.x has an automatic backoff system (see auth_failure_delay config option).
> When you're not interested in upgrading <snip>
I think with my old server upgrading to 2.x is not an option so I'll have to check out fail2ban. It looks a bit complicated though... I'll also have to look into restricting dovecot to just my ip address only. I might be able to do that at the router and that seems a better idea. Thanks for your help.
On 25/07/2011 22:07, tonjg wrote:
> Tom Hendrikx wrote:
>> dovecot 2.x has an automatic backoff system (see auth_failure_delay config option).
>> When you're not interested in upgrading <snip>
> I think with my old server upgrading to 2.x is not an option so I'll have to check out fail2ban. It looks a bit complicated though... I'll also have to look into restricting dovecot to just my ip address only. I might be able to do that at the router and that seems a better idea. Thanks for your help.
Fail2ban is not useful in your case since it only counts logins from ip addresses, not blocking user names.
Upgrading to dovecot 2.0 ought to be way less scary than you think... Something is wrong with your installation if not... (backup /etc/dovecot, not much else can go wrong...)
The main thing you could investigate is some custom login handler, e.g. I think the pop before smtp is handled with some script - perhaps get that to be some more complex script which implements the behaviour you desire?
I think this is an interesting area to improve - Good luck
Ed W
> Fail2ban is not useful in your case since it only counts logins from ip addresses, not blocking user names
Doesn't fail2ban count what it's taught to count? If there are some distinct log messages you could regex for, it's an option. (On a Debian box you could check /etc/fail2ban/filter.d for some examples.)
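The question raised in this thread, counting failed logins per IP address versus per user name, can be tested against a log before choosing a tool. The script below is an added example, not part of the original thread and not code from Dovecot or fail2ban. The log lines are constructed, their message wording and timestamp format are assumptions, and the names FAIL_RE, parse_failures, over_threshold and flag are made up for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (documentation IP ranges). The message wording is an
# assumption modelled on Dovecot login failures; adjust FAIL_RE to your own log.
SAMPLE_LOG = """\
2011-07-25 20:00:01 pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.5
2011-07-25 20:00:09 pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=192.0.2.77, lip=198.51.100.5
2011-07-25 20:00:15 pop3-login: Login: user=<owner>, method=PLAIN, rip=203.0.113.4, lip=198.51.100.5
2011-07-25 20:00:21 pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=192.0.2.143, lip=198.51.100.5
2011-07-25 20:00:30 pop3-login: Aborted login (auth failed, 1 attempts): user=<info>, method=PLAIN, rip=192.0.2.201, lip=198.51.100.5
2011-07-25 20:45:00 pop3-login: Aborted login (auth failed, 1 attempts): user=<info>, method=PLAIN, rip=192.0.2.201, lip=198.51.100.5
"""

FAIL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) pop3-login: .*auth failed.*"
    r"user=<(?P<user>[^>]*)>.*\brip=(?P<rip>[0-9a-fA-F.:]+)"
)

def parse_failures(log_text):
    """Yield (timestamp, user, remote_ip) for each failed POP3 login line."""
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["user"], m["rip"]

def over_threshold(times, threshold, window):
    """True if any `window`-long span contains at least `threshold` events."""
    times = sorted(times)
    return any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1))

def flag(log_text, threshold=3, window=timedelta(minutes=10)):
    """Return (flagged_ips, flagged_users) using per-IP and per-user counting."""
    by_ip, by_user = defaultdict(list), defaultdict(list)
    for ts, user, rip in parse_failures(log_text):
        by_ip[rip].append(ts)
        by_user[user].append(ts)
    ips = {k for k, v in by_ip.items() if over_threshold(v, threshold, window)}
    users = {k for k, v in by_user.items() if over_threshold(v, threshold, window)}
    return ips, users

if __name__ == "__main__":
    print(flag(SAMPLE_LOG))  # per-IP counting flags nothing; per-user flags "admin"
```

Blocking by user name on the per-user result would also lock out the legitimate owner of that account, so it is better suited to alerting or to tuning a fail2ban filter than to automatic lockout.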
participants (4): dovecot@schu.io, Ed W, Tom Hendrikx, tonjg