On 07/21/2010 03:06 PM Leonardo Rodrigues wrote:
>
> I was thinking on something like ...
>
> 1) after N tries (let's say 10 for example) of wrong username/password
> combinations, dovecot could start delaying the answers for wrong
> authentications coming from that specific IP address or IP/username,
> thus slowing down the brute-force attacks;
> 1.1) or even, after some M (let's say 20 for example) wrong
> username/password combinations, dovecot could ban that IP address (or IP
> address/username combination to avoid problems with big networks with NAT
> access) for XX seconds/minutes, also slowing down the brute-force attack
> tries
> 1.2) this could probably be implemented using some in-memory internal
> backend, so it would be absolutely independent of the passdb schema and
> would require no modifications to the passdb schema.
>
Install dovecot 2.0.rc3 and try to 'break in'. You will see how dovecot slows down your 'attack'. When you test it with your botnet ( ;-) ), use `doveadm penalty` to see current penalties.

Regards,
Pascal

--
The trapper recommends today: deadbeef.1020...@localdomain.org
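The delay-then-ban scheme Leonardo sketches above, written out as an added illustration that is not part of this thread and is not Dovecot's own auth-penalty code. It keeps failure counts in memory per source (IP address alone, or IP plus username to cope with NAT), starts delaying answers after N failures, refuses outright after M failures for a fixed ban period, and forgets a source after a successful login or an idle timeout. The thresholds (N=10, M=20, one extra second per failure capped at 15 s, a 600 s ban, a 3600 s idle expiry), the `FakeClock`, the `USERS` credential store and the `simulate()` driver are all constructed assumptions so the code runs offline.

```python
import time

# Constructed policy parameters; Dovecot's real auth-penalty settings differ.
DELAY_THRESHOLD = 10      # N: start delaying answers after this many failures
BAN_THRESHOLD = 20        # M: refuse attempts outright after this many failures
DELAY_STEP_SECONDS = 1.0  # extra delay per failure beyond N
MAX_DELAY_SECONDS = 15.0  # cap so a single answer never hangs indefinitely
BAN_SECONDS = 600.0       # XX: how long a ban lasts
FORGET_SECONDS = 3600.0   # idle time after which a source's record is dropped

# Constructed sample credential store (hypothetical user, not from the thread).
USERS = {"alice": "correct-horse-battery-staple"}


class FakeClock:
    """Deterministic clock so the simulation does not really sleep."""
    def __init__(self, start=0.0):
        self.t = start
    def __call__(self):
        return self.t
    def advance(self, seconds):
        self.t += seconds


class AuthPenalty:
    """In-memory failed-auth tracker, independent of any passdb schema."""

    def __init__(self, key_by_user=False, clock=time.monotonic):
        self.key_by_user = key_by_user   # penalize IP+username instead of IP alone
        self.clock = clock
        self.failures = {}               # key -> (failure_count, last_failure_time)

    def _key(self, ip, username):
        return (ip, username) if self.key_by_user else (ip, None)

    def _expire(self, now):
        stale = [k for k, (_, last) in self.failures.items()
                 if now - last > FORGET_SECONDS]
        for k in stale:
            del self.failures[k]

    def check(self, ip, username):
        """Return (allowed, delay_seconds) for an incoming attempt."""
        now = self.clock()
        self._expire(now)
        key = self._key(ip, username)
        count, last = self.failures.get(key, (0, now))
        if count >= BAN_THRESHOLD:
            if now - last < BAN_SECONDS:
                return False, 0.0        # banned: answer immediately with a refusal
            del self.failures[key]       # ban served; start the source fresh
            return True, 0.0
        if count >= DELAY_THRESHOLD:
            delay = min((count - DELAY_THRESHOLD + 1) * DELAY_STEP_SECONDS,
                        MAX_DELAY_SECONDS)
            return True, delay           # answer, but only after the delay
        return True, 0.0

    def record_failure(self, ip, username):
        now = self.clock()
        key = self._key(ip, username)
        count, _ = self.failures.get(key, (0, now))
        self.failures[key] = (count + 1, now)
        return count + 1

    def record_success(self, ip, username):
        # A real login clears the record, so legitimate users recover at once.
        self.failures.pop(self._key(ip, username), None)

    def penalties(self):
        """Snapshot of current per-source state, in the spirit of `doveadm penalty`."""
        now = self.clock()
        return {k: {"failures": c, "age": now - last}
                for k, (c, last) in self.failures.items()}


def simulate(attempts, key_by_user=False):
    """Run (ip, username, password) attempts against the tracker.

    Returns a list of (outcome, delay) per attempt, where outcome is
    'ok', 'fail' or 'banned', plus the tracker for inspection.
    """
    clock = FakeClock()
    penalty = AuthPenalty(key_by_user=key_by_user, clock=clock)
    outcomes = []
    for ip, user, password in attempts:
        allowed, delay = penalty.check(ip, user)
        if not allowed:
            outcomes.append(("banned", 0.0))
            clock.advance(0.1)
            continue
        clock.advance(delay)             # the client pays the delay before any answer
        if USERS.get(user) == password:
            penalty.record_success(ip, user)
            outcomes.append(("ok", delay))
        else:
            penalty.record_failure(ip, user)
            outcomes.append(("fail", delay))
        clock.advance(0.1)               # client round-trip between attempts
    return outcomes, penalty


if __name__ == "__main__":
    guesses = [("10.0.0.1", "alice", "guess%d" % i) for i in range(25)]
    results, tracker = simulate(guesses)
    print("delay per attempt:", [d for _, d in results])
    print("outcomes:", [o for o, _ in results])
    print("penalties:", tracker.penalties())
```

Running `simulate()` with 25 wrong passwords from one address shows the shape of the defence: the first ten answers are immediate, the next ten each cost one second more than the last (55 s in total), and from the twenty-first attempt the source is simply refused until the ban lapses. Keying by IP plus username protects a NAT gateway's other users from one account's failures, but it also means a guesser who spreads attempts across many accounts never crosses the per-key threshold; keying by IP alone catches that pattern at the price of penalizing everyone behind the shared address. Which key to use is a deployment decision, and `penalties()` lets an operator see which sources are currently being slowed or refused.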