[Dovecot] limiting number of incorrect logins per connection

Alex alex at ahhyes.net
Fri Aug 26 10:25:57 EEST 2011


 Hi Guys,

 Running Dovecot 2 on my server. It is regularly getting dictionary auth 
 attacked. What I have noticed is that once connected to a pop3/imap 
 login session, you can send endless incorrect usernames+passwords 
 attempts. This is a problem for me... I use fail2ban to try and stop 
 these script kiddies. The problem is that fail2ban detects the bad 
 auths, firewalls the IP, however, since it's an "established" session, 
 the attacker can keep authing away... It's only on a subsequent (new) 
 connection that the firewalling will take effect.

 Why is there no configuration option such as "max auth attempts per 
 connection"? This would be useful, so once the limit is reached, the 
 connection is dropped.

 is there a patch/workaround?




More information about the dovecot mailing list