Does dovecot have any dictionary attack defenses yet? In the past I have had to implement defense from outside dovecot, but since dovecot is at the front lines and therefore is the first to know, I'm hoping by now there is something we can set. For example, a limit on access failures per minute/hour/day or some such. If not, why not?

On 21.10.2014 at 23:28, Cliff Hayes wrote:
> Does dovecot have any dictionary attack defenses yet?
> In the past I have had to implement defense from outside dovecot, but
> since dovecot is at the front lines and therefore is the first to know
> I'm hoping by now there is something we can set. For example, a limit
> on access failures per minute/hour/day or some such. If not why not?

No, but you can set "auth_failure_delay = 5" and limit new connections per IP to something around 40 per 5 minutes and 100 per 30 minutes, which stops many of them or at least limits the number of tries dramatically.

On Tue, 21 Oct 2014 16:28:46 -0500 Cliff Hayes <chayes at afo.net> wrote:
> Does dovecot have any dictionary attack defenses yet?
> In the past I have had to implement defense from outside dovecot, but
> since dovecot is at the front lines and therefore is the first to know
> I'm hoping by now there is something we can set. For example, a limit
> on access failures per minute/hour/day or some such. If not why not?

In my opinion, fail2ban is the right strategy to deal with a dictionary attack. Instead of adding a layer of attack detection and handling onto every outward facing service running on your server, you can centralize the detection and blocking at one place.

--
//Wegge
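
Added example, not part of any message in this thread and not Dovecot or fail2ban code: a log-based detector in the spirit of the fail2ban suggestion, using the 40-per-5-minutes and 100-per-30-minutes figures from the first reply. Applying those figures to failed logins rather than new connections, the function names, and the sample log lines (constructed, using documentation addresses) are assumptions of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Per-address limits taken from the thread: (max failed attempts, window).
LIMITS = [(40, timedelta(minutes=5)), (100, timedelta(minutes=30))]
# Failed-login disconnect line as logged by Dovecot's imap-login/pop3-login.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: (?:imap|pop3)-login: "
    r".*\(auth failed, (?P<n>\d+) attempts.*\brip=(?P<ip>[0-9a-fA-F.:]+)"
)

def offenders(lines, limits=LIMITS, year=2014):
    """Return {ip: time at which the address first exceeded any limit}."""
    horizon = max(window for _, window in limits)
    seen = defaultdict(deque)  # ip -> timestamps of failed attempts
    banned = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m or m["ip"] in banned:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = seen[m["ip"]]
        q.extend([ts] * int(m["n"]))  # one line can report several attempts
        while q and ts - q[0] > horizon:
            q.popleft()  # forget attempts older than the longest window
        for limit, window in limits:
            if sum(1 for t in q if ts - t <= window) > limit:
                banned[m["ip"]] = ts
                break
    return banned

def sample_log():
    """Constructed sample: one noisy address and one user with two typos."""
    tmpl = ("Oct 21 {t} mail dovecot: imap-login: Disconnected (auth failed, "
            "{n} attempts in 6 secs): user=<{u}>, method=PLAIN, rip={ip}, "
            "lip=192.0.2.10, TLS")
    start = datetime(2014, 10, 21, 23, 0, 0)
    lines = [tmpl.format(t=(start + timedelta(seconds=10 * i)).strftime("%H:%M:%S"),
                         n=3, u=f"user{i}", ip="203.0.113.7") for i in range(20)]
    lines.insert(5, tmpl.format(t="23:00:45", n=2, u="alice", ip="198.51.100.4"))
    lines.append("Oct 21 23:05:00 mail dovecot: imap-login: Login: "
                 "user=<alice>, method=PLAIN, rip=198.51.100.4, lip=192.0.2.10")
    return lines

if __name__ == "__main__":
    for ip, when in offenders(sample_log()).items():
        print(f"{ip} exceeded a limit at {when}")
```

The returned addresses are what a blocking layer would act on; the address with two mistyped passwords followed by a successful login stays below both limits and is not reported.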