On 9/2/2013 8:59 PM, ot...@ahhyes.net wrote:
> Hi Guys,
>
> I was really hoping a couple of years later this would be
> addressed... I'm running Dovecot 2.2.5 on FreeBSD.
>
> Is there any way to limit the number of auth attempts allowed in a
> single session? The reason for this is because I have "fail2ban"
> set up to firewall out any IP addresses that repeatedly fail auth.
> The issue occurs when the connection is already in an
> "established" state and the attacker uses the existing session to
> hammer away; fail2ban becomes ineffective as dovecot appears to
> allow the person to attempt authentication ad infinitum.
>
> It would be nice if there was a config option that would, for example,
> cause the software to close the connection after X failed
> attempts. I use "pf" as the firewall on FreeBSD.
The secret is the "pfctl -k IP" command to drop state for the offending IP. Just add it to your fail2ban action command.

action = /sbin/pfctl {whatever you have now} && /sbin/pfctl -k <ip>

A nice writeup of fail2ban and pf can be found here:
http://www.effu.se/2011/03/Integrating-PF-with-Fail2ban-0.9

-- 
Noel Jones
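A complete fail2ban pf action that does what the reply describes, as an added example (not from the thread or from the fail2ban project): the ban adds the address to a pf table so new connections are blocked, then runs `pfctl -k` so the attacker's already-established IMAP/POP session is torn down too. The file name `pf-killstate.conf`, the table name `f2b`, and the jail settings are assumptions; fail2ban's `<ip>`, `<tablename>` tags and the `[Definition]`/`[Init]` sections are its standard action-file format.

```ini
# /usr/local/etc/fail2ban/action.d/pf-killstate.conf  (hypothetical file name)
# Assumes /etc/pf.conf declares the table and a block rule for it:
#   table <f2b> persist
#   block in quick from <f2b>
[Definition]
# Fail at jail start if the table is not declared in pf.conf.
actionstart = /sbin/pfctl -t <tablename> -T show > /dev/null
actionstop  =
actioncheck = /sbin/pfctl -t <tablename> -T show > /dev/null
# 1) block future connections, 2) kill states whose source is <ip>,
#    which cuts the session the attacker is already hammering on.
actionban   = /sbin/pfctl -t <tablename> -T add <ip> && /sbin/pfctl -k <ip>
actionunban = /sbin/pfctl -t <tablename> -T delete <ip>

[Init]
# Name of the pf table referenced as <f2b> in pf.conf.
tablename = f2b

# Jail fragment for jail.local (assumed values; the dovecot filter ships
# with fail2ban 0.9+):
# [dovecot]
# enabled  = true
# port     = imap,imaps,pop3,pop3s
# filter   = dovecot
# logpath  = /var/log/maillog
# maxretry = 5
# action   = pf-killstate[tablename=f2b]
```

`pfctl -k <ip>` with a single `-k` matches states by source address, so it also drops the attacker's other open sessions to any service on the host, which is usually what you want for a banned address.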