[Dovecot] limiting number of login attempts from same ip

Jürgen Obermann Juergen.Obermann at hrz.uni-giessen.de
Fri Jun 10 12:22:26 EEST 2011


Hello,

is it possible to limit the number of pop3 (or imap) login attempts
from one IP with Dovecot to stop attackers? We recently had an attack
from one IP address lasting 50 minutes that tried 50000 pop3 logins
with guessed users and passwords. I know about Fail2Ban but really
would prefer an easy-to-configure solution inside of Dovecot. Dovecot
has this anvil daemon, can it be used for that purpose?

We use Dovecot version 2.0.12 under Solaris 10; the pop3-login part of
the configuration looks like this:

service pop3-login {
   chroot = login
   client_limit = 0
   drop_priv_before_exec = no
   executable = pop3-login
   extra_groups =
   group =
   idle_kill = 0
   inet_listener pop3 {
     address =
     port = 110
     ssl = no
   }
   inet_listener pop3s {
     address =
     port = 995
     ssl = yes
   }
   privileged_group =
   process_limit = 0
   process_min_avail = 0
   protocol = pop3
   service_count = 1
   type = login
   user = $default_login_user
   vsz_limit = 64 M
}

Thanks, Jürgen

-- 
Hochschulrechenzentrum der | Mail: Juergen.Obermann at hrz.uni-giessen.de
Justus-Liebig-Universitaet | WWW:  http://www.uni-giessen.de/obermann/
Heinrich-Buff-Ring 44      | Tel:  0641-99-13054 (0641-99-13001)
D-35392 Giessen, Germany   | Fax:  0641-99-13009


