Slightly advanced, but note that you CAN block in-progress connections
using iptables.
What is happening is that the usual top (ish) rule in your iptables
script says something like "continue if connection established", this
can be seen as a performance optimisation to avoid running your full
ruleba
mentioned, I see
someone devised a small patch in C to add this functionality. It didn't look
like a lot of code to do it. What are your thoughts?
- Reply message -
From: "Timo Sirainen"
Date: Sat, Aug 27, 2011 02:30
Subject: [Dovecot] limiting number of incorrect logins per
login-common/client-common.h :
#define CLIENT_LOGIN_TIMEOUT_MSECS (MASTER_LOGIN_TIMEOUT_SECS*1000)
So set it to (45*60*1000)
But I don't think there's much of a practical difference between these.
On 26.8.2011, at 12.07, Alex wrote:
> 3 minutes! I think that's too long, how can I drop that dow
On 26.8.2011, at 18.27, Allan Cassaro wrote:
> If you substitute (create a wrap to) the "imap-login" binary with a script?
> The script can create a "fail attempt/ip" file into home dir and return ok
> or not to dovecot main process based on this information.
imap-login is typically chrooted and
On Fri, Aug 26, 2011 at 10:14 AM, Alexandre Chapellon wrote:
> fail2ban will work as soon as dovecot has closed a non-authenticated
> connection: 3mins->180sec
> If tarpit delay for auth failures in a connection is set to 15s (which
> seems to be the default unless I misunderstood) this le
fail2ban will work as soon as dovecot has closed a non-authenticated
connection: 3mins->180sec
If tarpit delay for auth failures in a connection is set to 15s (which
seems to be the default unless I misunderstood) this allows an
attacker only 12 tries (at most) before IP gets blacklisted by
Yeah, I had read about half of that thread, and after I sent my mail kept
reading and stumbled upon this: "(...) using the recent module needs
dovecot to close the connection upon authentication failure, as iptables only
(normally) comes into play for new connections (...)".
So, yeah, my suggestio
Alex, I've not personally done it (so just speculating here, bear with me)
but you can customize Fail2Ban's actions if needed. So, if you can match the
attempts through some regex (and since you're seeing them in the logs, that
should be quite possible), then you can edit one of the 'actions' to dro
I am happy to recompile if there is no config option. I gather it's in
the src/auth dir somewhere in one of the C source files. Just need to be
pointed in the right dir.
On Fri, 26 Aug 2011 19:07:08 +1000, Alex wrote:
3 minutes! I think that's too long, how can I drop that down to about
45 sec
3 minutes! I think that's too long, how can I drop that down to about
45 seconds?
On Fri, 26 Aug 2011 11:44:45 +0300, Timo Sirainen wrote:
On 26.8.2011, at 10.25, Alex wrote:
Running Dovecot 2 on my server. It is regularly getting dictionary
auth attacked. What I have noticed is that once co
On 26.8.2011, at 10.25, Alex wrote:
> Running Dovecot 2 on my server. It is regularly getting dictionary auth
> attacked. What I have noticed is that once connected to a pop3/imap login
> session, you can send endless incorrect usernames+passwords attempts. This is
> a problem for me... I use f
message -
From: "Robert Schetterer"
Date: Fri, Aug 26, 2011 17:59
Subject: [Dovecot] limiting number of incorrect logins per connection
To:
On 26.08.2011 09:25, Alex wrote:
> Hi Guys,
>
> Running Dovecot 2 on my server. It is regularly getting dictionary auth
> attacked.
On 26.08.2011 09:25, Alex wrote:
> Hi Guys,
>
> Running Dovecot 2 on my server. It is regularly getting dictionary auth
> attacked. What I have noticed is that once connected to a pop3/imap
> login session, you can send endless incorrect usernames+passwords
> attempts. This is a problem for me..
Hi Guys,
Running Dovecot 2 on my server. It is regularly getting dictionary auth
attacked. What I have noticed is that once connected to a pop3/imap
login session, you can send endless incorrect usernames+passwords
attempts. This is a problem for me... I use fail2ban to try and stop
these scr