3 minutes! I think that's too long, how can I drop that down to about
45 seconds?
On Fri, 26 Aug 2011 11:44:45 +0300, Timo Sirainen wrote:
On 26.8.2011, at 10.25, Alex wrote:
Running Dovecot 2 on my server. It is regularly getting dictionary
auth attacked. What I have noticed is that once connected to a
pop3/imap login session, you can send endless incorrect
usernames+passwords attempts. This is a problem for me... I use
fail2ban to try and stop these script kiddies. The problem is that
fail2ban detects the bad auths, firewalls the IP, however, since it's
an "established" session, the attacker can keep authing away... It's
only on a subsequent (new) connection that the firewalling will take
effect.
Umm. If client hasn't managed to log in in 3 minutes, it's
disconnected (no matter what it does with the connection).