[Dovecot] limiting authentication failures
Eric B. Schorvitz, Ph.D.
eric at pmtechllc.com
Thu Feb 19 13:57:29 EET 2009
In my log files I occasionally get a huge number of Dovecot authentication
failures (see clip below).
I wanted to know if there's a way to limit the number of times an IP address
can attempt to authenticate, if there's a way to have a timeout between
attempted authentications, or if there is a way to limit authentication
attempts by a specific username within a certain period of time.
My current solution is to permanently block the specific IP, an IP range, or
an entire country from accessing my server AFTER I notice the huge number of
authentication failures. This is too ad hoc a process, and I was hoping Dovecot
has something more proactive built in.
Thank you in advance for spending time considering this inquiry,
Eric
--------------------- pam_unix Begin ------------------------
dovecot:
Authentication Failures:
rhost=::ffff:200.111.39.219 : 764 Time(s)
root: 25 Time(s)
mysql: 6 Time(s)
smmsp: 6 Time(s)
--SNIP--
Unknown Entries:
check pass; user unknown: 764 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Connections (secure-log) Begin ------------------------
**Unmatched Entries**
dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user info
dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user info
dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user info
dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user info
--SNIP--
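
The manual review step described in this message, as an added example that is not part of the original post: a parser for the logwatch pam_unix summary shown above that lists source addresses whose failure count exceeds a threshold. The function names, the 100-failure limit and the 192.0.2.10 entry are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample modelled on the clip above; 192.0.2.10 is an added entry.
SAMPLE = """\
--------------------- pam_unix Begin ------------------------
dovecot:
Authentication Failures:
rhost=::ffff:200.111.39.219 : 764 Time(s)
rhost=192.0.2.10 : 3 Time(s)
root: 25 Time(s)
mysql: 6 Time(s)
Unknown Entries:
check pass; user unknown: 764 Time(s)
---------------------- pam_unix End -------------------------
"""
ENTRY = re.compile(r"^(?P<key>.+?)\s*:\s*(?P<count>\d+) Time\(s\)$")

def parse_failures(report):
    """Return ({source address: count}, {username: count}) for pam_unix."""
    hosts, users, in_failures = {}, {}, False
    for line in report.splitlines():
        line = line.strip()
        if "pam_unix End" in line:
            break
        if line.endswith(":"):
            # Sub-heading; only "Authentication Failures:" holds the counters.
            in_failures = line == "Authentication Failures:"
        elif in_failures and (m := ENTRY.match(line)):
            key, count = m["key"], int(m["count"])
            if not key.startswith("rhost="):
                users[key] = count
                continue
            raw = key[len("rhost="):]
            try:
                addr = ipaddress.ip_address(raw)
                # Collapse IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4.
                raw = str(getattr(addr, "ipv4_mapped", None) or addr)
            except ValueError:
                pass  # rhost was logged as a hostname; keep it as written
            hosts[raw] = hosts.get(raw, 0) + count
    return hosts, users

def over_threshold(hosts, limit=100):
    """Addresses with more than `limit` failures (assumed limit), worst first."""
    flagged = [ip for ip, n in hosts.items() if n > limit]
    return sorted(flagged, key=hosts.get, reverse=True)
```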