Topic: Currently enjoying POP (110) brute force attack
Is there some way to limit connections from a specific IP that attempt to connect a certain number of times in say, a second?
Thanks in advance.
I'm just going to use Fail2Ban. I'll post my findings here.
Dovecot supports this.
Try to search 'connection' in dovecot.conf.
Yes, I think it's just applicable for IMAP. I assume you mean:
# IMAP configuration
# number of connections per-user per-IP
mail_max_userip_connections = 10
Correct?
It works with both POP3 and IMAP. Reference (search "mail_max_userip_connections" in the URL below):
http://wiki.dovecot.org/MainConfig
ZhangHuangbin wrote: mail_max_userip_connection
Thanks!
A quick follow up for the community, "mail_max_userip_connections" will not work in my case since it's a user+ip combination. Each different user behind the same IP can use up to 10 connections with "mail_max_userip_connections=10".
This attack was a different username each time but from the same IP address (i.e. brute force usernames AND passwords presumably).
I'll post more as I work through this and thanks again to those offering their support.
Fail2ban, ban it for 12 hours after 10 failed login attempts and that will do it.
maxie_ro wrote: Fail2ban, ban it for 12 hours after 10 failed login attempts and that will do it.
Thanks maxie
So I ended up just limiting pop3, smtp and imap (along with their SSL equivalents) in ufw.
I'll post results as I measure success.
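Added example, not part of the original thread: a sliding-window failure counter over Dovecot-style log lines, showing why counting per user+IP (the scope of mail_max_userip_connections) misses a source that tries a different username each time, while counting per IP with the 10-failure threshold suggested above catches it. The log lines are constructed, and the line format, the epoch-second timestamps and the 600-second window are assumptions.

```python
import re
from collections import defaultdict, deque

# Assumed Dovecot-style auth-failure line with an epoch-second prefix;
# adjust the pattern to the format of your own mail log.
FAIL_RE = re.compile(
    r"^(?P<ts>\d+) pop3-login: .*auth failed.*"
    r"user=<(?P<user>[^>]*)>.*rip=(?P<ip>[0-9a-fA-F.:]+)"
)

def parse(lines):
    """Yield (epoch_seconds, user, remote_ip) for each auth-failure line."""
    for line in lines:
        m = FAIL_RE.search(line)
        if m:
            yield int(m["ts"]), m["user"], m["ip"]

def offenders(events, key, max_retry=10, find_time=600):
    """Return keys with >= max_retry failures inside any find_time-second window."""
    windows = defaultdict(deque)
    flagged = set()
    for ts, user, ip in events:
        k = key(user, ip)
        q = windows[k]
        q.append(ts)
        while q and ts - q[0] > find_time:
            q.popleft()          # drop failures that fell out of the window
        if len(q) >= max_retry:
            flagged.add(k)
    return flagged

def sample_log():
    """Constructed sample: one IP tries 12 usernames; alice mistypes twice; bob logs in."""
    fail = ("{ts} pop3-login: Disconnected (auth failed, 1 attempts): "
            "user=<{user}>, method=PLAIN, rip={ip}, lip=192.0.2.10")
    lines = [fail.format(ts=1000 + i, user=f"user{i}", ip="203.0.113.7") for i in range(12)]
    lines += [fail.format(ts=1005 + i, user="alice", ip="198.51.100.4") for i in range(2)]
    lines.append("1010 pop3-login: Login: user=<bob>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.10")
    return lines

def compare(lines):
    """Return (flagged user+IP pairs, flagged IPs) for the same events."""
    events = sorted(parse(lines))
    per_user_ip = offenders(events, key=lambda user, ip: (user, ip))
    per_ip = offenders(events, key=lambda user, ip: ip)
    return per_user_ip, per_ip

if __name__ == "__main__":
    by_pair, by_ip = compare(sample_log())
    print("flagged when counting per user+IP:", by_pair)
    print("flagged when counting per IP:     ", by_ip)
```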