On Thu, 2009-06-25 at 15:46 -0400, Timo Sirainen wrote: > You can also just decrease login_process_max_count. If Dovecot reaches > the limit, it'll just start killing off old connections that haven't > logged in. >
What would be nice is, an anti brute force option, like xinetd, X-number of connections from Y i.p. in Z seconds (optional setting of course) or maybe a way to extend that to detect if the same i.p is retrying constantly using different usernames on every new connection within X seconds, come to think of it, that way would be much cooler :) > > > > Jun 21 23:06:04 mail dovecot: pop3-login: Aborted login (auth failed, 1 > > attempts): user=<warren>, method=PLAIN, rip=68.14.228.186, lip=10.10.11.2 > > Jun 21 23:06:04 mail dovecot: pop3-login: Aborted login (auth failed, 1 > > attempts): user=<williams>, method=PLAIN, rip=68.14.228.186, lip=10.10.11.2 > > Jun 21 23:06:04 mail dovecot: pop3-login: Aborted login (auth failed, 1 > > attempts): user=<www>, method=PLAIN, rip=68.14.228.186, lip=10.10.11.2