dictionary attack defense

Cliff Hayes chayes at afo.net
Wed Oct 22 03:59:18 UTC 2014

a) I read about auth_failure_delay even before I posted my question and 
I could not figure out the one-line explanation in the dovecot wiki: 
"Number of seconds to delay before replying to failed authentications." 
  It's delaying a reply.  Does that mean the hacker can keep asking as 
fast as he wants?  Is it per user or per IP?

b) I'm familiar with mail_max_userip_connections = x, but I'm not 
familiar with the time limit you mention.

On 10/21/2014 5:02 PM, Reindl Harald wrote:
> Am 21.10.2014 um 23:28 schrieb Cliff Hayes:
>> Does dovecot have any dictionary attack defenses yet?
>> In the past I have had to implement defense from outside dovecot, but
>> since dovecot is at the front lines and therefore is the first to know
>> I'm hoping by now there is something we can set.  For example, a limit
>> on access failures per minut/hour/day or some such.  If not why not?
> no - but you can set "auth_failure_delay = 5" and limit new connections
> per IP to something around 40 per 5 minutes and 100 per 30 minutes which
> stops many of them or at least limit the amount of tries dramatically

More information about the dovecot mailing list