[Dovecot] Lots of pop3-logins

Noel Butler noel.butler at ausics.net
Fri Jun 26 00:48:26 EEST 2009


On Thu, 2009-06-25 at 15:46 -0400, Timo Sirainen wrote:

> You can also just decrease login_process_max_count. If Dovecot reaches
> the limit, it'll just start killing off old connections that haven't
> logged in.
> 



What would be nice is, an anti brute force option, like xinetd, X-number
of connections from Y i.p. in Z seconds (optional setting of course) or
maybe a way to extend that to detect if the same i.p  is retrying
constantly using different usernames on every new connection within X
seconds, come to think of it, that way would be much cooler :)



> > 
> > Jun 21 23:06:04 mail dovecot: pop3-login: Aborted login (auth failed, 1 
> > attempts): user=<warren>, method=PLAIN, rip=68.14.228.186, lip=10.10.11.2
> > Jun 21 23:06:04 mail dovecot: pop3-login: Aborted login (auth failed, 1 
> > attempts): user=<williams>, method=PLAIN, rip=68.14.228.186, lip=10.10.11.2
> > Jun 21 23:06:04 mail dovecot: pop3-login: Aborted login (auth failed, 1 
> > attempts): user=<www>, method=PLAIN, rip=68.14.228.186, lip=10.10.11.2




More information about the dovecot mailing list