[Dovecot] Limit login attempts per connection?

Tony Nelson tonynelson at georgeanelson.com
Mon Mar 8 08:06:59 EET 2010


On 10-03-04 23:43:25, Tony Nelson wrote:
> On 10-03-04 20:22:15, Frank Cusack wrote:
> > On 3/4/10 6:42 PM -0500 Tony Nelson wrote:
> > > Looking at the source, I see that there are no options.  It
> > > tarpits a bit, but currently has no limit on the number of 
> > > attempts.  I'll see what I can do.
> > 
> > I think it's a brilliant idea.  After one login attempt, all others
> > on the same connection should fail.
> 
> A fan!  Anyway, there should at least be a choice.  Not that I've
> coded a choice, just a dumb patch -- see attachment.  It's a bit of a
> compromise, with a hard-coded limit of 4 attempts.  Maybe I'll lower
> it to 2.

New patch with conf file setting "max_auth_attempts".  The default is 0 
and means no limit; non-zero disconnects after that many login 
failures.  I put it in the main area of the conf file, but IIUC it 
should also work in the pop3 or imap sections and only affect that 
server.  It doesn't affect the tarpitting.

When using it with an IPTables "recent" module rule, set it to 1.
 
-- 
____________________________________________________________________
TonyN.:'                       <mailto:tonynelson at georgeanelson.com>
      '                              <http://www.georgeanelson.com/>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: dovecot-1.2-limitauth.patch
Type: text/x-patch
Size: 7989 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20100308/eafd8f04/attachment-0001.bin 
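
An added illustration, not part of the original message or the attached patch: a simplified Python model of why the per-connection limit pairs with a per-IP rate rule on new connections. `RecentLimiter` only stands in for a "recent"-style rule (it is not iptables' exact semantics), `max_auth_attempts` follows the meaning described above (0 = no limit), tarpitting is not modelled, and the window, hit count, client address and attempt counts are constructed values.

```python
from collections import defaultdict, deque


class RecentLimiter:
    """Per-source sliding window over new connections (simplified model of
    a 'recent'-style rule, not iptables' exact semantics)."""

    def __init__(self, seconds, hitcount):
        self.seconds, self.hitcount = seconds, hitcount
        self.hits = defaultdict(deque)

    def allow(self, src, now):
        q = self.hits[src]
        while q and now - q[0] >= self.seconds:
            q.popleft()          # forget hits older than the window
        q.append(now)            # every new connection counts, allowed or not
        return len(q) <= self.hitcount


def failed_logins(max_auth_attempts, tries_per_conn, conn_times, limiter=None,
                  src="198.51.100.7"):  # constructed documentation address
    """Failed logins that reach the server when every password is wrong."""
    total = 0
    for now in conn_times:
        if limiter is not None and not limiter.allow(src, now):
            continue             # connection dropped before any login
        failures = 0
        for _ in range(tries_per_conn):
            failures += 1
            total += 1
            # 0 means no limit; otherwise disconnect after that many failures
            if max_auth_attempts and failures >= max_auth_attempts:
                break
    return total


def compare(seconds=60, hitcount=3, tries_per_conn=100):
    """One new connection per second for one window (constructed scenario)."""
    times = range(seconds)
    new_rule = lambda: RecentLimiter(seconds, hitcount)
    return {
        "rate rule only": failed_logins(0, tries_per_conn, times, new_rule()),
        "limit 1 only": failed_logins(1, tries_per_conn, times),
        "limit 4 + rate rule": failed_logins(4, tries_per_conn, times, new_rule()),
        "limit 1 + rate rule": failed_logins(1, tries_per_conn, times, new_rule()),
    }


if __name__ == "__main__":
    for name, count in compare().items():
        print(f"{name:22} {count}")
```

In this model the rate rule bounds connections, not logins, so the number of failed logins per window is the allowed connections multiplied by the per-connection limit.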

