login-common/client-common.h : #define CLIENT_LOGIN_TIMEOUT_MSECS (MASTER_LOGIN_TIMEOUT_SECS*1000)
So set it to (45*60*1000) But I don't think there's much of a practical difference between these. On 26.8.2011, at 12.07, Alex wrote: > 3 minutes! I think that's too long, how can I drop that down to about 45 > seconds? > > > On Fri, 26 Aug 2011 11:44:45 +0300, Timo Sirainen wrote: >> On 26.8.2011, at 10.25, Alex wrote: >> >>> Running Dovecot 2 on my server. It is regularly getting dictionary auth >>> attacked. What I have noticed is that once connected to a pop3/imap login >>> session, you can send endless incorrect usernames+passwords attempts. This >>> is a problem for me... I use fail2ban to try and stop these script kiddies. >>> The problem is that fail2ban detects the bad auths, firewalls the IP, >>> however, since it's an "established" session, the attacker can keep authing >>> away... It's only on a subsequent (new) connection that the firewalling >>> will take effect. >> >> Umm. If client hasn't managed to log in in 3 minutes, it's >> disconnected (no matter what it does with the connection). >
