[Dovecot] 64.31.19.48 attempt to break into my computer

Hannes Erven h.e at gmx.at
Fri Sep 23 13:03:17 EEST 2011


Am 2011-09-23 01:39, schrieb Rick Romero:
> 
> Quoting Alex <other at ahhyes.net>:
> 
>> It [fail2ban] is a great tool. Unfortunately dovecot allows infinate
>> incorrect logins during a single session. When fail2ban has firewalled
>> the ip its pointless as the rule only affects new sessions
> [...]
> If that is a big issue for you, you could always have fail2ban add a
> dummy route:
> For example:  route add $IP gw 127.0.0.1

... or configure the fail2ban actions so they apply to any traffic from
the offending IP.
My iptables ruleset has this action:

actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP


Of course, if you have users that are proxied behind the same address,
just one of them would instantly kill everybody's sessions. So I agree
with Alex, it would be great to limit the number of failed login
attempts per connection.


-hannes



More information about the dovecot mailing list