Hello,
is it possible to limit the number of pop3 (or imap) login attempts
from one IP with dovecot to stop attackers? We recently had an attack
from one IP-address lasting 50 minutes that tried 50000 pop3-logins
with guessed users and passwords. I know about Fail2Ban but really
would prefer an easy to configure solution inside of dovecot. Dovecot
has this anvil daemon, can it be used for that purpose?
We use dovcot version 2.0.12 under Solaris 10, the pop3-login part of
the configuration looking like that:
service pop3-login {
chroot = login
client_limit = 0
drop_priv_before_exec = no
executable = pop3-login
extra_groups =
group =
idle_kill = 0
inet_listener pop3 {
address =
port = 110
ssl = no
}
inet_listener pop3s {
address =
port = 995
ssl = yes
}
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = pop3
service_count = 1
type = login
user = $default_login_user
vsz_limit = 64 M
}
Thanks, Jürgen
--
Hochschulrechenzentrum der | Mail: [email protected]
Justus-Liebig-Universitaet | WWW: http://www.uni-giessen.de/obermann/
Heinrich-Buff-Ring 44 | Tel: 0641-99-13054 (0641-99-13001)
D-35392 Giessen, Germany | Fax: 0641-99-13009
