[Dovecot] No tcp wrappers, other ideas to help stop brute force attacks?
Mike
mikee at mikee.ath.cx
Wed Aug 30 22:50:02 EEST 2006
On Wed, 30 Aug 2006, David Rees might have said:
> I'm looking for a way to deny access to dovecot from certain IP
> addresses, basically to help prevent brute force attacks on the
> server.
>
> Right now I'm using denyhosts which scans /var/log/secure for
> authentication failures which then can add an entry to
> /etc/hosts.deny, but since dovecot doesn't have tcp wrappers support,
> that doesn't do anything.
>
> It doesn't look like I can run dovecot run xinetd.
>
> Any other ideas to help protect dovecot from brute force attacks? I
> don't think pam can help, can it?
>
> Otherwise I need to figure out a way to have denyhosts trigger
> iptables rules or something, or maybe there's another application that
> will work?
>
> -Dave
>
What about iptables instead of tcp_wrappers or /etc/hosts.deny?
More information about the dovecot
mailing list