On 2022-05-24, Hippo Man <hippo...@gmail.com> wrote:
> * Hacker makes numerous login attempts one after the other with various
> passwords, and without disconnecting in between attempts. I've seen 10 and
> more of these repeated attempts rapidly during a single imap or pop3
> connection.

"numerous" and "rapidly" sounds wrong; between auth_failure_delay (in a single connection) and the penalty mechanism for all connections from an IP address (https://doc.dovecot.org/configuration_manual/authentication/auth_penalty/) it should soon get beyond "rapidly". Is there something in your config that disables this? Or is your idea of "rapidly" just different to mine?