We also have the same problem. We are now running Dovecot 2.2.30.2 and also use Dovecot SASL for SMTP authentication (postfix 2.11). We need to save all failed login attempts to a database as source IP address, username, and date and time; a post-login script can do this, but only after a successful login. Failed login attempt information may be useful in the fight against brute-force attacks. Is it possible to execute some script after a failed login ("Password mismatch")?
Regards, Jacek
On June 12, 2017 at 3:39 PM "j.emerlik" j.emerlik@gmail.com wrote:
We also have the same problem. We are now running Dovecot 2.2.30.2 and also use Dovecot SASL for SMTP authentication (postfix 2.11). We need to save all failed login attempts to a database as source IP address, username, and date and time; a post-login script can do this, but only after a successful login. Failed login attempt information may be useful in the fight against brute-force attacks. Is it possible to execute some script after a failed login ("Password mismatch")?
Regards, Jacek
You can try to do this using our auth policy API. See https://wiki2.dovecot.org/Authentication/Policy
It will report both successful and unsuccessful authentication with fields you specify.
Aki
On June 12, 2017 at 3:39 PM "j.emerlik" j.emerlik@gmail.com wrote:
We also have the same problem. We are now running Dovecot 2.2.30.2 and also use Dovecot SASL for SMTP authentication (postfix 2.11). We need to save all failed login attempts to a database as source IP address, username, and date and time; a post-login script can do this, but only after a successful login. Failed login attempt information may be useful in the fight against brute-force attacks. Is it possible to execute some script after a failed login ("Password mismatch")?
Regards, Jacek
AT> You can try to do this using our auth policy API. See
AT> https://wiki2.dovecot.org/Authentication/Policy
If you do get this working [logging failed auths] I'd personally be very interested in your script so we could reproduce it in our environment too. If you'd be willing to share, I'd be grateful. [I'm pretty sure others would be too.]
-Greg
On 12/06/17 09:39, j.emerlik wrote:
Failed login attempt information may be useful in the fight against brute-force attacks.
fail2ban is your friend, it can analyze the logs, no need to save that in a database.
--
Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
My SPAMTRAP, do not email it:
gertrudes@solutti.com.br
I need to save that to a database because I have more than one mail server and they must share failed login attempt information with each other. I'll try to check how Dovecot Authentication Policy works.
--Jacek
2017-06-12 16:50 GMT+02:00 Leonardo Rodrigues leolistas@solutti.com.br:
On 12/06/17 09:39, j.emerlik wrote:
Failed login attempt information may be useful in the fight against brute-force attacks.
fail2ban is your friend, it can analyze the logs, no need to save that in a database.
--
Sincerely, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br My SPAMTRAP, do not email it: gertrudes@solutti.com.br
You might be interested in using https://github.com/PowerDNS/weakforced which is intended for deterring brute force attacks on clustered setups.
Logging auth attempts with the auth policy API requires that you run some web service that will perform the logging.
Aki
On June 12, 2017 at 5:58 PM "j.emerlik" j.emerlik@gmail.com wrote:
I need to save that to a database because I have more than one mail server and they must share failed login attempt information with each other. I'll try to check how Dovecot Authentication Policy works.
--Jacek
2017-06-12 16:50 GMT+02:00 Leonardo Rodrigues leolistas@solutti.com.br:
On 12/06/17 09:39, j.emerlik wrote:
Failed login attempt information may be useful in the fight against brute-force attacks.
fail2ban is your friend, it can analyze the logs, no need to save that in a database.
--
Sincerely, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br My SPAMTRAP, do not email it: gertrudes@solutti.com.br
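The kind of web service mentioned above for the auth policy API, as an added example that is not code from anyone in this thread or from the Dovecot project: it stores failed `report` requests in a database that several mail servers can share and rejects `allow` requests from sources with too many recent failures. The `login`, `remote` and `success` fields, the `?command=` query parameter and the `status` reply follow the auth policy request format; the table name, threshold, window, SQLite backend and listening address are assumptions, and no API key check is done.

```python
import json
import sqlite3
import time
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse, parse_qs

MAX_FAILURES = 5      # assumed threshold, not from the thread
WINDOW_SECONDS = 600  # assumed look-back window

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS failed_logins "
               "(remote TEXT, login TEXT, ts INTEGER)")
    return db

def handle(db, command, body, now=None):
    """Process one policy request body; returns the reply as a dict."""
    now = int(now if now is not None else time.time())
    req = json.loads(body)
    remote, login = req.get("remote", ""), req.get("login", "")
    if command == "report":
        # Dovecot reports every attempt; store only the failures.
        if not req.get("success", False):
            db.execute("INSERT INTO failed_logins VALUES (?, ?, ?)",
                       (remote, login, now))
            db.commit()
        return {"status": 0, "msg": "recorded"}
    # command == "allow": status -1 rejects, 0 lets the login proceed.
    (count,) = db.execute(
        "SELECT COUNT(*) FROM failed_logins WHERE remote = ? AND ts > ?",
        (remote, now - WINDOW_SECONDS)).fetchone()
    return {"status": -1 if count >= MAX_FAILURES else 0, "msg": ""}

class PolicyHandler(BaseHTTPRequestHandler):
    db = None  # shared connection, set before serving

    def do_POST(self):
        query = parse_qs(urlparse(self.path).query)
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        try:
            reply = handle(self.db, query.get("command", ["allow"])[0], body)
            self.send_response(200)
        except (ValueError, AttributeError):  # malformed or non-object JSON
            reply = {"status": 0, "msg": "bad request"}
            self.send_response(400)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(json.dumps(reply).encode())

if __name__ == "__main__":
    PolicyHandler.db = open_db("failed_logins.db")
    HTTPServer(("127.0.0.1", 8080), PolicyHandler).serve_forever()
```

For a real multi-server setup the SQLite file would be replaced by a database all servers can reach, and the service would verify the API key configured in Dovecot.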
participants (4): Aki Tuomi, Gregory Sloop, j.emerlik, Leonardo Rodrigues