Udo Rader wrote:
Seth Mattinen wrote:
Udo Rader wrote:
Udo Rader wrote:
Hi,
we have recently been hit by a couple of brute force password
attacks against dovecot. So what I want to do now is to add dovecot
to fail2ban in order to block further attacks.
However, I don't seem to be able to find out password verification
failures for our LDAP based user data.
The only thing I see are loads of lines like these in the logfiles:
-------CUT-------
dovecot: Nov 30 09:09:51 Info: pop3-login: Disconnected:
user=<ludovic>, method=PLAIN, rip=217.147.235.52, lip=81.16.98.99
dovecot: Nov 30 09:09:51 Info: pop3-login: Disconnected:
user=<luna>, method=PLAIN, rip=217.147.235.52, lip=81.16.98.99
dovecot: Nov 30 09:09:51 Info: pop3-login: Disconnected:
user=<luke>, method=PLAIN, rip=217.147.235.52, lip=81.16.98.99
-------CUT-------
Googling the web I found that PAM based authentication obviously
gives a matchable error message, but for some reason the ldap
backend does not - or does it?
Any pointers highly appreciated :-)
Solved it myself, changing to "auth_verbose = yes" in
dovecot.conf solved it.
Any reasons why this isn't enabled by default?
Because it's a debugging switch.
hmm, that's weird then.
Without turning on this "debugging switch" (LDAP) authentication
failures are not logged, so that's a pretty essential functionality
missing then.
You're also running an old version. For me with 1.1.2, "dovecot:
imap-login: Aborted login (auth failed, 0 attempts): rip=x.x.x.x,
lip=x.x.x.x" is fine. If you want lots of details, turn on debugging.
~Seth
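
An added example, not part of the thread and not Dovecot or fail2ban code: a small Python detector that matches the two log-line shapes quoted above and flags source addresses worth blocking. The function name, thresholds and the 192.0.2.x / 198.51.100.x lines are assumptions constructed for illustration; treating many distinct usernames in "Disconnected" lines as a brute-force signal is a heuristic, not proof of failed authentication.

```python
import re
from collections import defaultdict

RIP = r"rip=(?P<rip>[0-9A-Fa-f.:]+)"
# Explicit failure line, in the shape quoted for Dovecot 1.1.2 in the thread.
AUTH_FAILED = re.compile(
    r"(?:pop3|imap)-login: Aborted login \(auth failed, \d+ attempts\): .*?" + RIP)
# Disconnect line naming the attempted user (the older format in the thread).
DISCONNECTED = re.compile(
    r"(?:pop3|imap)-login: Disconnected: .*?user=<(?P<user>[^>]*)>.*?" + RIP)

# First three lines are from the thread (re-joined); the rest are constructed.
SAMPLE_LOG = [
    "dovecot: Nov 30 09:09:51 Info: pop3-login: Disconnected: user=<ludovic>, method=PLAIN, rip=217.147.235.52, lip=81.16.98.99",
    "dovecot: Nov 30 09:09:51 Info: pop3-login: Disconnected: user=<luna>, method=PLAIN, rip=217.147.235.52, lip=81.16.98.99",
    "dovecot: Nov 30 09:09:51 Info: pop3-login: Disconnected: user=<luke>, method=PLAIN, rip=217.147.235.52, lip=81.16.98.99",
    "dovecot: imap-login: Aborted login (auth failed, 1 attempts): rip=192.0.2.10, lip=81.16.98.99",
    "dovecot: imap-login: Aborted login (auth failed, 1 attempts): rip=192.0.2.10, lip=81.16.98.99",
    "dovecot: imap-login: Aborted login (auth failed, 2 attempts): rip=192.0.2.10, lip=81.16.98.99",
    "dovecot: Nov 30 09:12:03 Info: pop3-login: Disconnected: user=<alice>, method=PLAIN, rip=198.51.100.7, lip=81.16.98.99",
]

def find_suspects(lines, max_failures=3, max_users=3):
    """Return {rip: [reasons]} for addresses that reach either threshold."""
    failures = defaultdict(int)   # rip -> count of explicit auth failures
    users = defaultdict(set)      # rip -> distinct usernames seen in disconnects
    for line in lines:
        m = AUTH_FAILED.search(line)
        if m:
            failures[m["rip"]] += 1
            continue
        m = DISCONNECTED.search(line)
        if m:
            users[m["rip"]].add(m["user"])
    suspects = {}
    for rip in sorted(set(failures) | set(users)):
        reasons = []
        if failures[rip] >= max_failures:
            reasons.append(f"{failures[rip]} auth failures")
        if len(users[rip]) >= max_users:
            reasons.append(f"{len(users[rip])} distinct usernames")
        if reasons:
            suspects[rip] = reasons
    return suspects

if __name__ == "__main__":
    for rip, reasons in find_suspects(SAMPLE_LOG).items():
        print(rip, "->", ", ".join(reasons))
```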