Force TCP socket disconnect on imap login failure?

Stuart Henderson stu at spacehopper.org
Wed May 25 08:00:46 UTC 2022


On 2022-05-24, Hippo Man <hippoman at gmail.com> wrote:
> * Hacker makes numerous login attempts one after the other with various
> passwords, and without disconnecting in between attempts. I've seen 10 and
> more of these repeated attempts rapidly during a single imap or pop3
> connection.

"numerous" and "rapidly" sounds wrong; between auth_failure_delay (in a single
connection) and the penalty mechanism for all connections from an IP address
(https://doc.dovecot.org/configuration_manual/authentication/auth_penalty/)
it should soon get beyond "rapidly".

Is there something in your config that disables this? Or is your idea of
"rapidly" just different to mine?




More information about the dovecot mailing list