[Dovecot] feature request / question?
Occasionally we get a user who decided they need to pop their account 3 to 4 times a second... usually I just disable their account and shout "no!", but now I have someone trying to do it repeatedly with an invalid username so I don't know who to spank. =) Before if this happened I would block the IP and wait for someone to complain... dovecot doesn't make that very easy, or at least I don't see how.
May 20 20:12:29 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:30 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:31 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:32 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:32 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:32 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:32 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:32 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:33 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:33 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:33 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:33 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:33 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:34 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username May 20 20:12:34 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username
No IP address, and we do not host thegrid.net. There are no other messages or authetication errors being logged anywhere else either. It would be helpful to have dovecot display the IP address of failed authentications as well... it allready show's it for login's.
-- James L Moser james@powweb.com PowWeb Hosting http://www.powweb.com
/(bb|[^b]{2})/, that is the Question.
mysql>SELECT * FROM user WHERE clue > 0; Empty set (0.03 sec)
Health is merely the slowest possible rate at which one can die... Health nuts are going to feel stupid someday, lying in hospitals dying of nothing...
On Thu, 20 May 2004 20:14:51 -0700 James Moser wrote:
Before if this happened I would block the IP and wait for someone to complain... dovecot doesn't make that very easy, or at least I don't see how.
Can dovecot be built with tcpwrappers support? That would take care of the problem...
hauke
-- Hauke Fath /~\ The ASCII Ribbon Campaign Institut für Nachrichtentechnik \ / No HTML/RTF in email TU Darmstadt X No Word docs in email Ruf +49-6151-16-3281 / \ Respect for open standards
On Fri, 2004-05-21 at 13:17, Hauke Fath wrote:
On Thu, 20 May 2004 20:14:51 -0700 James Moser wrote:
Before if this happened I would block the IP and wait for someone to complain... dovecot doesn't make that very easy, or at least I don't see how.
Can dovecot be built with tcpwrappers support? That would take care of the problem...
Well, you can run Dovecot through inetd.
On Fri, 2004-05-21 at 06:14, James Moser wrote:
Occasionally we get a user who decided they need to pop their account 3 to 4 times a second... usually I just disable their account and shout "no!", but now I have someone trying to do it repeatedly with an invalid username so I don't know who to spank. =) Before if this happened I would block the IP and wait for someone to complain... dovecot doesn't make that very easy, or at least I don't see how.
May 20 20:12:29 mail05 dovecot-auth: mech-plain(jhurley@thegrid.net): invalid username
Currently login process doesn't tell the IP address to auth process, so dovecot-auth doesn't even know the IP. I'll probably change this though. The logging in general should be improved and made more configurable.
No IP address, and we do not host thegrid.net. There are no other messages or authetication errors being logged anywhere else either. It would be helpful to have dovecot display the IP address of failed authentications as well... it allready show's it for login's.
After those "invalid username" errors it shows a failed connect with IP address. It's one of those..
participants (3)
-
Hauke Fath
-
James Moser
-
Timo Sirainen