Bryan Bradsby wrote:
>> Anyway, today I had 8000 login attempts to my dovecot server in an
>> hour before blocking the IP with my firewall.
>>
>> After googling, I didn't see very much discussion on the topic. There
>> was some mention of blocksshd which was supposed to support dovecot in
>> the next release (but doesn't appear to) and also fail2ban. While a
>> script that parses logfiles will work, I'm not sure that this is the
>> best way to go about handling repeated authentication failure.
>

I wrote blocksshd and had intended to extend it to do Dovecot but decided it was the wrong approach. I think the log parsing approach works quite well for SSH/FTP and similar simple applications. But for other applications with more complex logic and potentially a wider variety of threats, this function is probably better performed by the application itself.

Hence I'd suggest that a 'limits' plug-in or some form of configurable authentication governor in dovecot would be a better approach to counter these sorts of attacks.

Regards

James Turnbull

P.S. Even for SSH/FTP sometimes a simple iptables tweak can also solve a lot of your problems - depends on how granular you want your approach to be.

--
James Turnbull ([EMAIL PROTECTED])
--
Author of:
- Pulling Strings with Puppet (http://www.amazon.com/gp/product/1590599780/)
- Pro Nagios 2.0 (http://www.amazon.com/gp/product/1590596099/)
- Hardening Linux (http://www.amazon.com/gp/product/1590594444/)
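
To illustrate the "authentication governor" idea from the reply above, here is an added example; it is not part of the original message and is not Dovecot code. It is a per-address and per-account failure limiter that the authenticating application itself would call; the class name, thresholds and lockout times are assumptions.

```python
import time
from collections import defaultdict, deque


class AuthGovernor:
    """Hypothetical in-application limiter (not Dovecot code); thresholds are assumptions."""

    def __init__(self, limits=None, window=60.0, base_lockout=30.0,
                 max_lockout=3600.0, clock=time.monotonic):
        # Failures tolerated per window: low per source address, higher per
        # account so a remote party cannot trivially lock a user out.
        self.limits = limits or {"ip": 5, "user": 20}
        self.window, self.clock = window, clock
        self.base_lockout, self.max_lockout = base_lockout, max_lockout
        self._failures = defaultdict(deque)  # (kind, value) -> failure timestamps
        self._strikes = defaultdict(int)     # (kind, value) -> lockouts so far
        self._locked_until = {}              # (kind, value) -> lockout end time

    def allowed(self, ip, user):
        """Call before checking the password; False means refuse or delay."""
        now = self.clock()
        return all(self._locked_until.get(k, now) <= now
                   for k in (("ip", ip), ("user", user)))

    def record(self, ip, user, success):
        """Call after each attempt with the real outcome."""
        now = self.clock()
        if success:
            # The application knows the attempt succeeded and can reset state here.
            self._failures.pop(("ip", ip), None)
            return
        for key in (("ip", ip), ("user", user)):
            q = self._failures[key]
            q.append(now)
            while now - q[0] > self.window:   # drop failures outside the window
                q.popleft()
            if len(q) >= self.limits[key[0]]:
                self._strikes[key] += 1        # repeat offenders wait longer
                lockout = self.base_lockout * 2 ** (self._strikes[key] - 1)
                self._locked_until[key] = now + min(lockout, self.max_lockout)
                q.clear()
```

Because the account is tracked separately from the address, guesses against one mailbox spread over many addresses still hit a limit, which a per-IP log scan or firewall rule does not catch.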