> and I notice that dovecot doesn't handle the brute-force attacks too nice.
> I reduced the limit a bit to some reasonable looking value:
> login_max_processes_count = 32
> to stop them earlier and the number of processes stops at that figure when
> an attack happens.

Somewhat off original topic. I cannot help but wonder what the goal of the brute force attack is. I am guessing they want a working username and password to relay junk email? I have heard of users having their email address and password stolen by a virus or spyware then used to authenticate and relay thousands of pieces of junk email. We enabled rate-limit on Exim which only allows a given IP to send to X number of message recipients in X amount of time. We also added a plugin to SquirrelMail to only allow so many recipients per message and only so many messages per day.

Matt
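
The per-IP recipient limit described in the message above can be expressed with Exim's `ratelimit` ACL condition. This is an added example, not configuration from the original post: the figures (100 recipients per hour, 500 per day) are assumed, since the post gives only "X", and the second statement goes beyond the post by keying a limit on the authenticated login, which covers the stolen-credential case when the sender moves between IP addresses.

```exim
# Fragment for the ACL named by acl_smtp_rcpt, placed before its accept statements.
# All limits are assumed sample values; tune them to normal traffic.

  # Per client IP: count every RCPT command. "strict" keeps counting
  # rejected attempts, so a sender that keeps hammering stays blocked
  # until its measured rate really drops below the limit.
  defer
    ratelimit   = 100 / 1h / per_rcpt / strict / $sender_host_address
    message     = Too many recipients from $sender_host_address, try again later
    log_message = ratelimit ip=$sender_host_address \
                  rate=$sender_rate/$sender_rate_period limit=$sender_rate_limit

  # Per authenticated account: catches a compromised login that relays
  # from many different addresses and so stays under the per-IP limit.
  deny
    authenticated = *
    ratelimit     = 500 / 1d / per_rcpt / strict / $authenticated_id
    message       = Daily recipient limit reached for this account
    log_message   = ratelimit user=$authenticated_id \
                    rate=$sender_rate/$sender_rate_period limit=$sender_rate_limit
```

The `log_message` lines give a per-account and per-IP trail in the main log, which is usually the first sign that a mailbox password has been guessed or stolen.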
