In my log files I occasionally get a huge number of Dovecot authentication failures (see clip below).

I wanted to know if there's a way to limit the number of times an IP address can attempt to authenticate, if there's a way to have a timeout between attempted authentications, or if there is a way to limit authentication attempts by a specific username within a certain period of time.

My current solution is to permanently block the specific IP, an IP range, or an entire country from accessing my server AFTER I notice the huge number of authentication failures. This is too ad-hoc a process and was hoping dovecot has something more proactive built in.

Thank you in advance for spending time considering this inquiry,

Eric

--------------------- pam_unix Begin ------------------------

dovecot:

Authentication Failures:

    rhost=::ffff:200.111.39.219 : 764 Time(s)

   root: 25 Time(s)

   mysql: 6 Time(s)

   smmsp: 6 Time(s)

--SNIP--

Unknown Entries:

   check pass; user unknown: 764 Time(s)

---------------------- pam_unix End -------------------------

--------------------- Connections (secure-log) Begin

**Unmatched Entries**

dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user info

dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user info

dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user info

dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user info

--SNIP--