[Dovecot] Logging passwords on auth failure/dealing with botnets

Noel noeldude at gmail.com
Sun Sep 1 22:59:35 EEST 2013

On 9/1/2013 10:00 AM, Charles Marcus wrote:
> On 2013-08-30 7:55 PM, Joseph Tam <jtam.home at gmail.com> wrote:
>> Michael Smith writes:
>>> We're already running fail2ban, but it doesn't seem that effective
>>> against botnets, when they only do one attempt per IP.
>> Yeah, distributed BFDs are tough to block unless you can
>> characterize
>> the clients well.
> Wonder if there's a way to leverage Stan Hoeppner's most excellent
> botnet killer to reject AUTHs from the same types of clients
> before they even try?
> Stan?

The objective of Stan's list is to reject dynamic hosts, because the
overwhelming majority of dynamic hosts trying to send via SMTP are

For dovecot, the situation is quite different. Blocking all dynamic
IPs would be an obvious mistake.

  -- Noel Jones

More information about the dovecot mailing list