Displaying 20 results from an estimated 20000 matches similar to: "Any way to let dovecot block pop3 attempts?"
2013 Dec 28
1
pop3 rate limit
Hi,
we have customers with Exchange servers that are polling for new mail every minute with dozens of pop3 accounts. I am looking for a mechanism to rate limit this per user. So what I am looking for is a way to block users from polling, if a user asks for new mail more than every 5 minutes (for example).
Is this possible? Can this be achieved within Dovecot or does it need external scripting?
2013 Apr 09
1
Any simple way to block logins by IP address?
Does Dovecot have a facility to block pop3 and imap logins by IP
address? I usually do this by putting the IPs in my border firewall, but
it's in transition currently to a new one, and I'd like to end
connection fairly fast.
If it matters, I'm using 2.0.9.
Thanks
steve campbell
2008 Dec 09
8
pop3 attack
I was looking at my maillog and it looks like someone is trying to get
into my pop3 server.
Dec 9 15:28:54 mailserver dovecot: pop3-login: Aborted login: user=<alexis>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2
Dec 9 15:29:08 mailserver dovecot: pop3-login: Aborted login: user=<alfonso>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2
Dec 9
2014 Jun 16
4
iptables question
I'm running fail2ban to attempt to block malicious brute-force password
dictionary attacks against ssh. They seem to be rolling through a block of ip
addresses as the source to defeat this kind of screening, so I've set some ip
addresses to be blocked in iptables. Here is the output of iptables -L (edited):
Chain INPUT (policy ACCEPT)
target prot opt source destination
2020 Jun 21
6
firewall questions
I'm running Centos 7.8.2003, with firewalld.
I was getting huge numbers of ssh attempts per day from a few specific
ip blocks.
The offenders are 45.0.0.0/24, 49.0.0.0/24, 51.0.0.0/24, 111.0.0.0/24
and 118.0.0.0/24, and they amounted to multiple thousands of attempts
per day. I installed and configured fail2ban, but still saw a lot of
attempts in the logs, and the ipset created was
2007 Sep 28
4
1.0.5: many pop3-login processes?
Hello,
We are running dovecot 1.0.5 on a test server, with FreeBSD 6.2
(though I have noticed the same problem since dovecot versions in the
0.99 range).
We don't have very many simultaneous pop/imap users, but we have a
proliferation of pop3-login processes.
Currently we have 128 such processes. We have 11 imap-login processes,
but only a few actual imap processes running.
Is this normal?
2013 Oct 22
4
Odd Feature Request - RBL blacklist lookup to prevent authentication
I would like to have a list of IPs (hacker list) that I can do a lookup
on so that if anyone tries to authenticate to dovecot they always fail
if they are on my list.
I have the list - and the list is available as a DNS blacklist.
I'd like to have it work with both local IP lists or RBL lookup.
The idea is so hackers from known IP addresses never succeed.
If Dovecot provides the feature
2010 Feb 06
2
pop3 quick question
Hello list,
I have found the imap_allowed option in dovecot, which does exactly what I need, for imap. Is there something similar for the pop3 protocol?
The main goal for it - is to enable pop3 access to specific users.
Or maybe dovecot has some 'pop3=yes' or 'imap=no' args to userdb/passdb sections?
I know future dovecot 2.* versions will support rewriting for protocols, but this is
2010 Jun 03
5
Configure unsuccessful login attempts
Hi,
using PAM, how can I configure how many attempts a user can make to
connect, and if exceeding a certain number, block him for a specified
amount of time?
Any idea what the defaults are?
2012 Feb 23
6
Why is dovecot involved in my smtp process
I've been trying to get smtp auth set up for days. All my sendmail and
sasl2 stuff seems to be proper, but the user can't use the system on
port 587, which is where I require authorization.
Now I see where messages are in my maillog of the type:
auth: pam_unix(dovecot:auth) : authentication failure ........
Why is dovecot involved in my smtp processes and how do I fix this? I've
2014 Feb 04
3
Applying a DNS RBL to deny authentication?
Hope to get some attention about this idea to reduce hacking passwords.
Here is a list of about 700,000 IP addresses that are hacking passwords
through SMTP AUTH
http://ipadmin.junkemailfilter.com/auth-hack.txt
This is a list of IP addresses that attempted to authenticate against my
fake AUTH advertising on servers with no authentication. We do front end
spam filtering for thousands of
2008 Dec 23
6
Security advice, please
My LAN is behind a Netgear router, which does NAT. On the CentOS server I
have fail2ban running. This morning my router reported 3 different IPs
attempting to send UDP packets to port 38950. Since each address is only seen
4-5 times, I presume that fail2ban took over after that.
GRC reports that ports are stealthed (port 143 was open, but is now closed),
but then:
Unsolicited Packets:
2014 May 12
4
Suggestions please about what I need.
I hate to use that "noob" word, but in this case I think it might be
proper.
Our company is getting ready to get rid of Netware and start using
Samba. It will require that users log in and by doing so, have a login
script map drives to particular drive letters based on either their user
or group.
I've been administering Centos servers for quite a while. I have no
problem with
2007 Apr 08
2
IP Tables block for POP3 attacks with Dovecot
Has anyone implemented a script to block IPs which are attacking on POP3
ports using dovecot logs to indicate repetitive failed login attempts?
sshblack does this nicely for ssh (port 22) attacks by monitoring the
/var/log/secure file. I am considering rewriting this to POP3 port
(110), but if it has already been done, I sure don't need the practice.
Thanks!
2014 May 26
1
LDAP: allow pop3, restrict imap
Hello,
I have all userdata in a ldapserver. Every user has the right to use pop3.
There is no explicit attribute allowing that. It's simply possible.
Now I like to add imap. For a starting period I like to restrict, who
may use imap.
http://wiki2.dovecot.org/Authentication/RestrictAccess mentions a solution
where I could modify ldap pass_filter. But that requires an attribute
2006 Dec 01
6
POP3 protection
I have some users that I will not allow to use POP3 thru my system, but
force them to use webmail.
Would it be possible to put an extra option in dovecot.conf to force this:
# -----------------------------------------------------------------
# Logon processes
# user = <username>,<password>
# -----------------------------------------------------------------
user =
2013 Sep 03
1
stopping dictionary attacks (pop3)
Hi Guys,
I was really hoping a couple of years later this would be addressed...
I'm running Dovecot 2.2.5 on FreeBSD.
Is there any way to limit the number of auth attempts allowed in a
single session? The reason for this is because I have "fail2ban" setup
to firewall out any IP addresses that repeatedly auth fails. The issue
occurs when the connection is already in an
2009 Jul 09
3
Looking for recommendations for blocking hacking attempts
Hello:
I have been looking into projects that will automatically
restrict hacking attempts on my servers running CentOS 5.
I think the two top contenders are:
DenyHosts - http://denyhosts.sourceforge.net
Fail2ban - http://www.fail2ban.org
From what I see, DenyHosts only blocks based on failed
SSH attempts whereas Fail2ban blocks failed attempts
for other access as well.
The main benefit
2011 Aug 09
3
fail2ban help
Hello list.
I have a question for fail2ban for bad logins on sasl.
I use sasl, sendmail and cyrus-imapd.
In jail.conf I use the following syntax:
[sasl-iptables]
enabled = true
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
         sendmail-whois[name=sasl, dest=my at email]
logpath = /var/log/maillog
maxretry = 6
and the following filter:
2009 May 14
6
Dealing with brute force attacks
Over the weekend one of our servers at a remote location was
hammered by an IP originating in mainland China. This attack was
only noteworthy in that it attempted to connect to our pop3 service.
We have long had an IP throttle on ssh connections to discourage
this sort of thing. But I had not considered the possibility that
other services were equally at risk. Researching this on the web
does