[Dovecot] Brute Force Blocking?

Matt lm7812 at gmail.com
Thu Dec 20 22:59:49 EET 2007


> Hi Everyone,
>
> Before I begin, I'd just like to mention: I love dovecot.  Thank you :)
>
> Anyway, today I had 8000 login attempts to my dovecot server in an
> hour before blocking the IP with my firewall.
>
> After googling, I didn't see very much discussion on the topic.  There
> was some mention of blocksshd which was supposed to support dovecot in
> the next release (but doesn't appear to) and also fail2ban.  While a
> script that parses logfiles will work, I'm not sure that this is the
> best way to go about handling repeated authentication failure.
>
> Would it not be best built into dovecot?  Are there any plans for this?

I agree, it would be great to have this built into dovecot.  Spammers
are getting more creative all the time and are not above using brute
force to steal passwords to send spam.

Matt


More information about the dovecot mailing list