[Dovecot] Logging passwords on auth failure/dealing with botnets
CMarcus at Media-Brokers.com
Tue Sep 3 13:12:45 EEST 2013
On 2013-09-02 5:11 PM, Noel <noeldude at gmail.com> wrote:
> It would be a lot easier to deploy if some sort of blocker were
> built into dovecot -- after X number of failures during Y seconds,
> fail all future attempts for the account for T seconds.
But again, totally blocking all AUTH attempts like that even blocks
valid attempts by the real user.
Having a whitelist that tracks valid user+IP logins would prevent that.
> Maybe reset the timer on each attempt during the blackout period so the timer
> never expires on the persistent distributed brute force attacks. I
> suppose there would also need to be a way to whitelist IPs so the
> account owner can get in.
Ummm... maybe you didn't read what I wrote? That is what I meant by
'whitelist' in item 1... ;)
On 2013-09-02 9:59 PM, other at ahhyes.net <other at ahhyes.net> wrote:
> Is there anyway to limit the number of auth attempts allowed in a
> single session? The reason for this is because I have "fail2ban" setup
> to firewall out any IP addresses that repeatedly auth fails.
Is there a way to tell fail2ban to block connection attempts NOT based
on IP, but based on other values or value combinations (like user+IP)?
More information about the dovecot