search for: master_login_timeout_secs

Hello, given the 2015 revision date, I was curious if anyone can confirm https://wiki2.dovecot.org/Timeouts is still accurate where the 'before login' IMAP timeout remains hard coded? We're having an issue where blocks of IP's from China and similar locations are crawling IP ranges trying common login credentials, and hanging the connections open in the process. We have clients

...ts. The default is 3 minutes hardcoded at diff -r -U0 a/src/lib-master/master-interface.h b/src/lib-master/master-interface.h --- a/src/lib-master/master-interface.h Mon Jun 2 04:50:10 2014 +++ b/src/lib-master/master-interface.h Sat Feb 14 18:41:39 2015 @@ -99,1 +99,1 @@ -#define MASTER_LOGIN_TIMEOUT_SECS (3*60) +#define MASTER_LOGIN_TIMEOUT_SECS (31) Changing it to 31s still seems overly generous, but you can not set it lower unless you also change the next define /* auth server should abort auth requests before that happens */ #define MASTER_AUTH_SERVER_TIMEOUT_SECS (MASTER_LOGIN_...

Hi Guys, Running Dovecot 2 on my server. It is regularly getting dictionary auth attacked. What I have noticed is that once connected to a pop3/imap login session, you can send endless incorrect usernames+passwords attempts. This is a problem for me... I use fail2ban to try and stop these script kiddies. The problem is that fail2ban detects the bad auths, firewalls the IP, however,