[Dovecot] Auto-blacklisting hosts after too many failed logins

Geert Hendrickx ghen at telenet.be
Tue Aug 29 10:23:49 EEST 2006


On Fri, Aug 25, 2006 at 04:23:32PM +0200, Amon Ott wrote:
> On one of our servers, we experience regular tries to brute force logins,
> probably based on harvested mail addresses. Now I wonder if dovecot has
> or could in future have some mechanism to blacklist remote IP addresses
> after a configurable number of failures to login to any account.

Countless perl scripts exist which parse sshd login logs for login attacks
and insert dynamic firewall rules to temporarily blacklist them.  Those
could easily be adapted to pop3/imap login logs.  

	Geert


More information about the dovecot mailing list