David Rees
2006-Aug-30 19:46 UTC
[Dovecot] No tcp wrappers, other ideas to help stop brute force attacks?
I'm looking for a way to deny access to dovecot from certain IP addresses, basically to help prevent brute force attacks on the server.

Right now I'm using denyhosts which scans /var/log/secure for authentication failures which then can add an entry to /etc/hosts.deny, but since dovecot doesn't have tcp wrappers support, that doesn't do anything.

It doesn't look like I can run dovecot run xinetd.

Any other ideas to help protect dovecot from brute force attacks? I don't think pam can help, can it?

Otherwise I need to figure out a way to have denyhosts trigger iptables rules or something, or maybe there's another application that will work?

-Dave
Mike
2006-Aug-30 19:50 UTC
[Dovecot] No tcp wrappers, other ideas to help stop brute force attacks?
On Wed, 30 Aug 2006, David Rees might have said:
> I'm looking for a way to deny access to dovecot from certain IP
> addresses, basically to help prevent brute force attacks on the
> server.
>
> Right now I'm using denyhosts which scans /var/log/secure for
> authentication failures which then can add an entry to
> /etc/hosts.deny, but since dovecot doesn't have tcp wrappers support,
> that doesn't do anything.
>
> It doesn't look like I can run dovecot run xinetd.
>
> Any other ideas to help protect dovecot from brute force attacks? I
> don't think pam can help, can it?
>
> Otherwise I need to figure out a way to have denyhosts trigger
> iptables rules or something, or maybe there's another application that
> will work?
>
> -Dave
>

What about iptables instead of tcp_wrappers or /etc/hosts.deny?
John Peacock
2006-Aug-30 19:50 UTC
[Dovecot] No tcp wrappers, other ideas to help stop brute force attacks?
David Rees wrote:
> I'm looking for a way to deny access to dovecot from certain IP
> addresses, basically to help prevent brute force attacks on the
> server.

IMNSHO, this is a function of your firewall; it's not really dovecot's business. Look at some of the freeware IDS systems out there, which will monitor system logs and adjust firewall rules on the fly...

John

--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5748
Ken A
2006-Aug-30 20:42 UTC
[Dovecot] No tcp wrappers, other ideas to help stop brute force attacks?
http://www.ossec.net/

fail2ban looks interesting too, but doesn't appear to allow whitelisting? That could be bad..

Ken
Pacific.Net

David Rees wrote:
> I'm looking for a way to deny access to dovecot from certain IP
> addresses, basically to help prevent brute force attacks on the
> server.
>
> Right now I'm using denyhosts which scans /var/log/secure for
> authentication failures which then can add an entry to
> /etc/hosts.deny, but since dovecot doesn't have tcp wrappers support,
> that doesn't do anything.
>
> It doesn't look like I can run dovecot run xinetd.
>
> Any other ideas to help protect dovecot from brute force attacks? I
> don't think pam can help, can it?
>
> Otherwise I need to figure out a way to have denyhosts trigger
> iptables rules or something, or maybe there's another application that
> will work?
>
> -Dave
>
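
Added example, not part of any post in this thread: a sketch of the log-to-firewall approach the replies suggest, counting authentication failures per source address and emitting iptables DROP rules while honouring a whitelist. The log line layout, the whitelist ranges, the threshold and all function names are assumptions made for this illustration; the script only builds the rule strings and does not run them.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log; the pam_unix-style line layout is an assumption.
_FAIL = ("Aug 30 19:4{0}:01 mail dovecot-auth: pam_unix(dovecot:auth): "
         "authentication failure; logname= uid=0 euid=0 tty=dovecot ruser={1} rhost={2}")
SAMPLE_LOG = "\n".join(
    [_FAIL.format(i, "alice", "203.0.113.7") for i in range(4)]
    + [_FAIL.format(i, "bob", "192.0.2.10") for i in range(5)]
    + [_FAIL.format(9, "carol", "198.51.100.9"),
       "Aug 30 19:50:00 mail dovecot: imap-login: Login: user=<dave>, rip=198.51.100.9"]
)

RHOST = re.compile(r"dovecot.*authentication failure;.*\brhost=(\S+)")
# Hypothetical trusted ranges (localhost, office network) that are never blocked.
WHITELIST = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
MAIL_PORTS = "110,143,993,995"  # POP3, IMAP, IMAPS, POP3S

def failures_by_ip(log_text):
    """Count dovecot authentication failures per IPv4 source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = RHOST.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.IPv4Address(m.group(1))] += 1
        except ValueError:
            continue  # rhost was a hostname or malformed; skip rather than guess
    return counts

def offenders(log_text, threshold=3):
    """Addresses at or over the failure threshold that are not whitelisted."""
    return sorted(
        ip for ip, n in failures_by_ip(log_text).items()
        if n >= threshold and not any(ip in net for net in WHITELIST)
    )

def block_rules(log_text, threshold=3):
    """Build (but do not execute) one iptables DROP rule per offender."""
    return [f"iptables -I INPUT -s {ip} -p tcp -m multiport "
            f"--dports {MAIL_PORTS} -j DROP"
            for ip in offenders(log_text, threshold)]

if __name__ == "__main__":
    for rule in block_rules(SAMPLE_LOG):
        print(rule)
```

In the sample, 192.0.2.10 has the most failures but falls inside a whitelisted range, so only 203.0.113.7 is blocked.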