[Dovecot] Dovecot under brute force attack - nice attacker
Timo Sirainen
tss at iki.fi
Thu Jun 4 18:41:01 EEST 2009
On Jun 4, 2009, at 6:16 AM, henry ritzlmayr wrote:
> The problem:
> If the attacker wouldn't have closed and reopened the connection
> no log would have been generated and he/she would have endless
> tries.
With v1.2+ the login failure delay grows after each failed login.
> If I enable auth_verbose every attempt gets logged, but if I read the
> docs correctly this option should only be used for figuring out why
> authentication isn't working.
auth_debug is for figuring out why it's not working. auth_verbose is
useful if you actually care about logging that information. I guess in
your case you would care.
> Question:
> Is there any way to close the connection after the
> first wrong user/pass combination. So an attacker would be forced
> to reopen it?
I think the growing delay is a better idea.
More information about the dovecot
mailing list