On Fri, 2009-06-26 at 02:01 -0700, V S Rao wrote:
> Timo Wrote: You can also just decrease login_process_max_count
>
> Wouldn't decreasing the login_process_max_count simply create more
> problems? Now users will start experiencing timeouts sooner than
> before, because whatever is causing the login processes to increase
> (attack, rogue process or whatever) will *always* be trying to login
> and genuine users will be denied login. So without knowing the root
> cause of the issue simply decreasing or increasing the
> login_process_max_count will lead to other problems. Correct me if I
> am wrong.

Depends on the attacker. Dovecot will always drop the oldest connection. So if the attacker is authenticating multiple times in a single session, it's pretty much always the oldest connection that gets killed first. If the attacker logs in once and then disconnects, I think Dovecot still kills those processes sooner than others, because they're waiting a couple of seconds for "authentication failed".