[Dovecot] disconnect after too many errors?

Timo Sirainen tss at iki.fi
Sun Dec 9 00:30:40 EET 2007


On 9.12.2007, at 0.23, Peter Hessler wrote:

> On 2007 Dec 09 (Sun) at 00:20:11 +0200 (+0200), Timo Sirainen wrote:
>> On 9.12.2007, at 0.16, Peter Hessler wrote:
>>
>>> There are a couple of jerks that are trying to dictionary attack my
>>> email server, and one of the vectors is pop3/imap logins. Something I
>>> would like to do in dovecot, but can't seem to find, is the ability to
>>> disconnect after a certain number of errors. The vast majority of my
>>> users (i.e. me) don't hand-type POP3 or IMAP transactions, but when we
>>> do, we know how to spell things properly.
>>>
>>> Does dovecot have this? A simple look shows no.
>>
>> It's hardcoded to src/imap-login/client.c:
>>
>> #define CLIENT_MAX_BAD_COMMANDS 10
>>
>
> It looks like that doesn't apply to failed logins.

It doesn't, and I don't think it should. A better idea would probably  
be to double the delay for each failed login.
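The doubling delay suggested in the reply above, sketched in C as an added example; it is not Dovecot's code and not part of the original message. The struct, the function names, the 2-second base, the 64-second cap and the per-address table are all assumptions made for illustration.

```c
#include <string.h>
#define BASE_DELAY_SECS 2u   /* assumed delay after the first failed login */
#define MAX_DELAY_SECS  64u  /* assumed cap so the delay stays bounded */
#define TABLE_SIZE      8    /* small fixed table, enough for the demonstration */

struct auth_penalty {
    char     ip[46];         /* textual address; empty string marks a free slot */
    unsigned failures;       /* consecutive failed logins from this address */
};
static struct auth_penalty table[TABLE_SIZE];

/* Delay before the next reply: 0, 2, 4, 8, ... doubled stepwise up to the cap. */
unsigned penalty_delay(unsigned failures)
{
    unsigned delay = failures ? BASE_DELAY_SECS : 0;
    for (unsigned i = 1; i < failures && delay < MAX_DELAY_SECS; i++)
        delay *= 2;
    return delay < MAX_DELAY_SECS ? delay : MAX_DELAY_SECS;
}

/* Find the entry for ip, or claim a free slot; NULL when the table is full. */
static struct auth_penalty *lookup(const char *ip)
{
    struct auth_penalty *slot = NULL;
    for (int i = 0; i < TABLE_SIZE; i++) {
        if (table[i].ip[0] != '\0' && strcmp(table[i].ip, ip) == 0)
            return &table[i];
        if (slot == NULL && table[i].ip[0] == '\0')
            slot = &table[i];
    }
    if (slot != NULL) {
        strncpy(slot->ip, ip, sizeof(slot->ip) - 1);
        slot->failures = 0;
    }
    return slot;
}

/* Record one login result; returns the seconds to wait before replying. */
unsigned record_login(const char *ip, int success)
{
    struct auth_penalty *p = lookup(ip);
    if (p == NULL)
        return MAX_DELAY_SECS;  /* table full: apply the maximum delay */
    if (success) {
        p->ip[0] = '\0';        /* a successful login frees the slot */
        return 0;
    }
    return penalty_delay(++p->failures);
}
```

The counter is kept per source address, so one address guessing passwords does not slow down logins from others. A production version would also expire entries by time rather than only on success.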