On Thu, 2009-06-04 at 18:58 +0200, henry ritzlmayr wrote:
> On Thursday, 04.06.2009, at 18:27 +0200, Steve wrote:
> > > The idea is good but I guess an option to just disconnect the attacker
> > > wouldn't hurt in the config file?
> > >
> > Is that not the wrong approach? I mean: all you wanted is to have a log
> > entry showing when there was a username/password mismatch when logging in.
> > And you found out that with normal logging options that log entry only
> > shows up if the connection gets disconnected. Right? So would it not be
> > better to have an option to log ANY username/password login mismatch even
> > if the user/attacker does not disconnect?
>
> Right, logging a wrong username/password should always be done.
> That's one reason why I favor a disconnect. Almost any service
> logs a disconnect - so does dovecot.
>
Also, I think not disconnecting is only supportive to those who want to run scripts as such and perform brute force attacks or hacks. I can see no reason why, if you fail as user unknown, you should not be dropped.