[Dovecot] No tcp wrappers, other ideas to help stop brute force attacks?

Mike mikee at mikee.ath.cx
Wed Aug 30 22:50:02 EEST 2006


On Wed, 30 Aug 2006, David Rees might have said:

> I'm looking for a way to deny access to dovecot from certain IP
> addresses, basically to help prevent brute force attacks on the
> server.
> 
> Right now I'm using denyhosts which scans /var/log/secure for
> authentication failures which then can add an entry to
> /etc/hosts.deny, but since dovecot doesn't have tcp wrappers support,
> that doesn't do anything.
> 
> It doesn't look like I can run dovecot run xinetd.
> 
> Any other ideas to help protect dovecot from brute force attacks? I
> don't think pam can help, can it?
> 
> Otherwise I need to figure out a way to have denyhosts trigger
> iptables rules or something, or maybe there's another application that
> will work?
> 
> -Dave
> 

What about iptables instead of tcp_wrappers or /etc/hosts.deny?


More information about the dovecot mailing list