Hi Guys,
Running Dovecot 2 on my server. It is regularly getting dictionary auth
attacked. What I have noticed is that once connected to a pop3/imap
login session, you can send endless incorrect username+password
attempts. This is a problem for me... I use fail2ban to try and stop
these script kiddies. The problem is that fail2ban detects the bad
auths, firewalls the IP, however, since it's an "established" session,
the attacker can keep authing away... It's only on a subsequent (new)
connection that the firewalling will take effect.
Why is there no configuration option such as "max auth attempts per
connection"? This would be useful, so once the limit is reached, the
connection is dropped.
Is there a patch/workaround?