
List:       dovecot
Subject:    Re: [Dovecot]
From:       "alex@ahhyes.net" <alex () ahhyes ! net>
Date:       2011-08-27 2:18:50
Message-ID: E1Qx8RD-0003cs-BT () ahhyes ! net

Thanks for that. I will change it and recompile. Sorry for the grumpiness yesterday
in my posts. Was having a bad day. Is there any chance of there being an option in
future versions that allows a number of failed auth attempts to be specified before
dropping the connection? The other thread you mentioned, I see someone devised a
small patch in C to add this functionality. It didn't look like a lot of code to do
it. What are your thoughts?

----- Reply message -----
From: "Timo Sirainen" <tss@iki.fi>
Date: Sat, Aug 27, 2011 02:30
Subject: [Dovecot] limiting number of incorrect logins per connection
To: "Alex" <alex@ahhyes.net>
Cc: <dovecot@dovecot.org>


login-common/client-common.h :

#define CLIENT_LOGIN_TIMEOUT_MSECS (MASTER_LOGIN_TIMEOUT_SECS*1000)

So set it to (45*60*1000)

But I don't think there's much of a practical difference between these.

On 26.8.2011, at 12.07, Alex wrote:

> 3 minutes! I think that's too long, how can I drop that down to about 45 seconds?
> 
> 
> On Fri, 26 Aug 2011 11:44:45 +0300, Timo Sirainen wrote:
> > On 26.8.2011, at 10.25, Alex wrote:
> > 
> > > Running Dovecot 2 on my server. It is regularly getting dictionary auth
> > > attacked. What I have noticed is that once connected to a pop3/imap login
> > > session, you can send endless incorrect usernames+passwords attempts. This is a
> > > problem for me... I use fail2ban to try and stop these script kiddies. The
> > > problem is that fail2ban detects the bad auths, firewalls the IP, however,
> > > since it's an "established" session, the attacker can keep authing away... It's
> > > only on a subsequent (new) connection that the firewalling will take effect.
> > 
> > Umm. If client hasn't managed to log in in 3 minutes, it's
> > disconnected (no matter what it does with the connection).
> 
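
A minimal C model of the two per-connection limits discussed in this thread, added here as an illustration and not taken from Dovecot or from the patch mentioned above: a login timeout counted from connect time, and a cap on failed authentication attempts. The struct, the function names, the cap of 3 and the 500 ms guess interval are assumptions; only the 3-minute timeout comes from the thread.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical policy values; these names are not Dovecot's. */
#define LOGIN_TIMEOUT_MSECS (3 * 60 * 1000) /* the 3 minutes quoted in the thread */
#define MAX_FAILED_AUTHS    3               /* assumed per-connection cap */

enum verdict { KEEP_OPEN, DROP_TIMEOUT, DROP_TOO_MANY_FAILURES };
struct login_conn {
    uint64_t connected_at_ms; /* set once at accept time; never refreshed */
    unsigned failed_auths;    /* failed attempts seen on this connection */
};

/* The timeout runs from connect time, so traffic on the socket cannot extend it. */
static bool login_expired(const struct login_conn *c, uint64_t now_ms)
{
    return now_ms - c->connected_at_ms >= LOGIN_TIMEOUT_MSECS;
}

/* Call after every failed authentication on the connection. */
enum verdict on_auth_failure(struct login_conn *c, uint64_t now_ms)
{
    if (login_expired(c, now_ms))
        return DROP_TIMEOUT;
    if (++c->failed_auths >= MAX_FAILED_AUTHS)
        return DROP_TOO_MANY_FAILURES;
    return KEEP_OPEN;
}

/* Replays one failed guess every gap_ms (must be > 0) on a single connection
 * and returns how many guesses it gets before being dropped. */
unsigned guesses_per_connection(uint64_t gap_ms, bool enforce_cap)
{
    struct login_conn c = { 0, 0 };
    unsigned guesses = 0;
    for (uint64_t now = gap_ms; ; now += gap_ms) {
        if (login_expired(&c, now))
            return guesses;
        guesses++;
        if (on_auth_failure(&c, now) == DROP_TOO_MANY_FAILURES && enforce_cap)
            return guesses;
    }
}

int main(void)
{
    printf("timeout only: %u guesses\n", guesses_per_connection(500, false));
    printf("with cap:     %u guesses\n", guesses_per_connection(500, true));
}
```

With these assumed numbers, the timeout alone leaves room for 359 guesses on one established connection, while the cap ends it after 3.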


