dictionary attack defense
chayes at afo.net
Wed Oct 22 03:59:18 UTC 2014
a) I read about auth_failure_delay even before I posted my question and
I could not figure out the one-line explanation in the dovecot wiki:
"Number of seconds to delay before replying to failed authentications."
It's delaying a reply. Does that mean the hacker can keep asking as
fast as he wants? Is it per user or per IP?
b) I'm familiar with mail_max_userip_connections = x, but I'm not
familiar with the time limit you mention.
On 10/21/2014 5:02 PM, Reindl Harald wrote:
> Am 21.10.2014 um 23:28 schrieb Cliff Hayes:
>> Does dovecot have any dictionary attack defenses yet?
>> In the past I have had to implement defense from outside dovecot, but
>> since dovecot is at the front lines and therefore is the first to know
>> I'm hoping by now there is something we can set. For example, a limit
>> on access failures per minute/hour/day or some such. If not why not?
> no - but you can set "auth_failure_delay = 5" and limit new connections
> per IP to something around 40 per 5 minutes and 100 per 30 minutes which
> stops many of them or at least limits the amount of tries dramatically
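The per-IP failure limit asked about above (so many failed logins per minute/hour/day) is something you can build outside Dovecot from its login logs, which is the approach the original poster says they had to take. The following is an added example, not code from the thread or from the Dovecot project: it parses the "Disconnected (auth failed, N attempts in M secs)" lines that imap-login/pop3-login write (the syslog-style line layout and field names are assumed from that message format), keeps a sliding window of failed attempts per source IP, and reports the IPs that cross a threshold inside the window. The log lines, IPs and session ids in SAMPLE_LOG are constructed; the window and threshold are parameters so the same counter serves a 5-minute and a 30-minute tier like the ones suggested in the reply.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed layout of Dovecot's login-failure log line (syslog prefix, then
# "<svc>-login: Disconnected (auth failed, N attempts in M secs): ... rip=<ip>").
AUTH_FAIL_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+)\s+(?P<time>\d\d:\d\d:\d\d)\s+\S+\s+dovecot:\s+"
    r"(?P<svc>imap|pop3)-login:\s+Disconnected\s+\(auth failed,\s+"
    r"(?P<attempts>\d+)\s+attempts?\s+in\s+\d+\s+secs?\):.*?\brip=(?P<rip>[0-9a-fA-F.:]+)"
)

# Constructed sample log (IPs from documentation ranges, fake session ids).
SAMPLE_LOG = """\
Oct 22 03:50:01 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, session=<c0nstructed1>
Oct 22 03:50:09 mail dovecot: imap-login: Disconnected (auth failed, 2 attempts in 5 secs): user=<admin>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, session=<c0nstructed2>
Oct 22 03:51:30 mail dovecot: imap-login: Login: user=<bob>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.10, mpid=4242, session=<c0nstructed3>
Oct 22 03:52:44 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 3 secs): user=<info>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, session=<c0nstructed4>
Oct 22 03:53:10 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 1 secs): user=<bob>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.10, session=<c0nstructed5>
Oct 22 03:53:58 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 4 secs): user=<postmaster>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, session=<c0nstructed6>
Oct 22 04:15:02 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.10, session=<c0nstructed7>
"""


def parse_auth_failure(line, year=2014):
    """Return (timestamp, source_ip, failed_attempts) for an auth-failure line, else None.

    Syslog timestamps carry no year, so the caller supplies one.
    Successful logins and unrelated lines return None.
    """
    m = AUTH_FAIL_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(
        f"{year} {m.group('mon')} {m.group('day')} {m.group('time')}",
        "%Y %b %d %H:%M:%S",
    )
    return ts, m.group("rip"), int(m.group("attempts"))


class FailureWindow:
    """Sliding-window count of failed auth attempts per source IP.

    Lines are expected in chronological order (as in a log file). Each IP keeps
    a deque of (timestamp, attempts); entries older than the window are dropped
    as newer ones arrive, so the count reflects only the recent window.
    """

    def __init__(self, window_seconds):
        self.window = timedelta(seconds=window_seconds)
        self.events = defaultdict(deque)
        self.counts = defaultdict(int)

    def record(self, ts, ip, attempts):
        q = self.events[ip]
        q.append((ts, attempts))
        self.counts[ip] += attempts
        # Expire everything that fell out of the window relative to this event.
        while q and ts - q[0][0] > self.window:
            _, old_attempts = q.popleft()
            self.counts[ip] -= old_attempts
        return self.counts[ip]


def find_offenders(lines, window_seconds=300, threshold=40):
    """Map IP -> (time first flagged, attempts in window) for IPs reaching the threshold."""
    win = FailureWindow(window_seconds)
    flagged = {}
    for line in lines:
        parsed = parse_auth_failure(line)
        if parsed is None:
            continue  # not an auth failure; successful logins are ignored
        ts, ip, attempts = parsed
        total = win.record(ts, ip, attempts)
        if total >= threshold and ip not in flagged:
            flagged[ip] = (ts, total)
    return flagged


if __name__ == "__main__":
    # Two tiers like the reply suggests: a short window and a longer one.
    for window, limit in ((300, 5), (1800, 8)):
        hits = find_offenders(SAMPLE_LOG.splitlines(), window, limit)
        print(f"{limit} failures per {window}s:", hits)
```

Feed it real log lines (for example the output of `tail -F` on the mail log) and hand the flagged IPs to whatever blocks or rate-limits connections on the host; the counter deliberately counts the `N attempts` value Dovecot reports rather than connections, so a single connection that retries several passwords is charged for each attempt. Because Dovecot's syslog timestamps lack a year, the `year` argument must be set correctly around New Year or the window arithmetic will be wrong.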