[Dovecot] Logging passwords on auth failure/dealing with botnets

Charles Marcus CMarcus at Media-Brokers.com
Mon Sep 2 16:53:46 EEST 2013

On 2013-09-02 9:35 AM, Charles Marcus <CMarcus at Media-Brokers.com> wrote:
> Well, it would be nice to have some way to stop brute force attacks 
> (rather than just letting one run rampant until the attacker gives up)

And I left out the obvious "... or worst case, is successful ..." - 
which obviously is why we are having this conversation in the first place...

> Maybe a two pronged approach...
> 1. A whitelist that whitelists IP+username for *successful* logins 
> (maybe with a configurable age-out option)

Of course there should be a default age-out option (24 hours? 48 hours? 
longer? shorter?), but should it be configurable?

> 2. A blacklist that when triggered (x failed login attempts in x seconds)


Maybe to make it simplest, some sane defaults could be decided on and 
hard-coded, with a single config option to enable or disable botnet 
brute-force protection?
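As an added illustration of the two-pronged scheme proposed in this thread (example code, not from the thread or from Dovecot): a per-IP sliding-window counter that blacklists an IP after x failures in x seconds, plus an IP+username whitelist filled by successful logins that ages out. The thresholds, the block duration and the event format are assumptions; the login events are constructed.

```python
from collections import defaultdict, deque


class BruteForceGuard:
    """Whitelist (ip, user) pairs that logged in successfully; block an IP
    after max_failures failed logins inside `window` seconds.  Every
    threshold below is an assumed default, not a Dovecot setting."""

    def __init__(self, max_failures=5, window=60,
                 whitelist_ttl=24 * 3600, block_ttl=3600):
        self.max_failures, self.window = max_failures, window
        self.whitelist_ttl, self.block_ttl = whitelist_ttl, block_ttl
        self._failures = defaultdict(deque)   # ip -> failure timestamps
        self._blocked = {}                    # ip -> time the block began
        self._whitelist = {}                  # (ip, user) -> last success

    def is_whitelisted(self, ip, user, now):
        last = self._whitelist.get((ip, user))
        if last is not None and now - last <= self.whitelist_ttl:
            return True
        self._whitelist.pop((ip, user), None)  # absent or aged out
        return False

    def is_blocked(self, ip, now):
        since = self._blocked.get(ip)
        if since is not None and now - since <= self.block_ttl:
            return True
        self._blocked.pop(ip, None)            # block expired
        return False

    def allow(self, ip, user, now):
        """Should this attempt reach the password check at all?"""
        return self.is_whitelisted(ip, user, now) or not self.is_blocked(ip, now)

    def record(self, ip, user, success, now):
        """Feed one auth result; True means this event blocked the IP."""
        if success:
            self._whitelist[(ip, user)] = now
            self._failures.pop(ip, None)
            return False
        if self.is_whitelisted(ip, user, now):   # known-good pair: don't count
            return False
        q = self._failures[ip]
        q.append(now)
        while q and now - q[0] > self.window:    # drop failures outside window
            q.popleft()
        if len(q) >= self.max_failures and not self.is_blocked(ip, now):
            self._blocked[ip] = now
            return True
        return False


# Constructed sample events: (seconds, ip, user, success)
EVENTS = [
    (0, "198.51.100.7", "alice", True),
    (10, "203.0.113.9", "alice", False), (12, "203.0.113.9", "bob", False),
    (14, "203.0.113.9", "carol", False), (16, "203.0.113.9", "dave", False),
    (18, "203.0.113.9", "erin", False),    # 5th failure in 60 s -> blocked
    (20, "198.51.100.7", "alice", False),  # whitelisted pair: not counted
]


def replay(events, guard=None):
    """Run events through a guard; return it and the block timestamps."""
    guard = guard or BruteForceGuard()
    return guard, [t for t, ip, u, ok in events if guard.record(ip, u, ok, t)]
```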
