[Dovecot] Logging passwords on auth failure/dealing with botnets
CMarcus at Media-Brokers.com
Mon Sep 2 16:53:46 EEST 2013
On 2013-09-02 9:35 AM, Charles Marcus <CMarcus at Media-Brokers.com> wrote:
> Well, it would be nice to have some way to stop brute force attacks
> (rather than just letting one run rampant until the attacker gives up)
And I left out the obvious "... or worst case, is successful ..." -
which obviously is why we are having this conversation in the first place...
> Maybe a two pronged approach...
> 1. A whitelist that whitelists IP+username for *successful* logins
> (maybe with a configurable age-out option)
Of course there should be a default age-out option (24 hours? 48 hours?
longer? shorter?), but should it be configurable?
> 2. A blacklist that when triggered (x failed login attempts in x seconds)
Maybe to make it simplest, some sane defaults could be decided on, and
hard code them, with a single config option to enable or disable botnet
More information about the dovecot