Access Control for POP3 / IMAP
huasome at gmail.com
Thu Feb 8 16:11:43 EST 2007
On 2/8/07, Martin Schwartz <martin.schwartz at java-info.de> wrote:
> it seems some guy wants to hijack POP/IMAP accounts from time to time;
> trying out passwords by brute force. I'm not sure about the best way to
> handle this.
> - do you know of a (cyrus or non cyrus) way to block or slow down the
> access for an IP / username after n unsuccessful login attempts?
Check out fail2ban. It's a script that sits and looks at the logs of
your choice for failed access attempts and then adds iptables rules to
block IP addresses for a period of time based on number of failed access
attempts. Should be fairly easy to configure it to look at your cyrus
log and block brute force attacks.
Beer and Code Wrangler at Large
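
The mechanism described in the reply above, as an added example that is not part of the original thread and is not fail2ban's own code: count failed logins per source IP inside a sliding window and derive a timed ban. The Cyrus "badlogin" line format, the sample log lines, and the function name find_bans are assumptions; maxretry, findtime and bantime are named after the fail2ban options they imitate.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed Cyrus syslog format for a failed login; adjust to match your own logs.
BADLOGIN = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (?:imaps?|pop3s?)\[\d+\]: "
    r"badlogin: \S* ?\[(?P<ip>[0-9a-fA-F.:]+)\]"
)

# Constructed sample input (documentation addresses, not real traffic).
SAMPLE = """\
Feb  8 16:00:01 mail imap[2101]: badlogin: host.example [192.0.2.10] plaintext alice SASL(-13): authentication failure: checkpass failed
Feb  8 16:00:05 mail imap[2101]: badlogin: host.example [192.0.2.10] plaintext alice SASL(-13): authentication failure: checkpass failed
Feb  8 16:00:07 mail pop3[2102]: login: client.example [198.51.100.7] bob plaintext User logged in
Feb  8 16:00:09 mail pop3[2103]: badlogin: host.example [192.0.2.10] plaintext bob SASL(-13): authentication failure: checkpass failed
Feb  8 16:02:00 mail imap[2104]: badlogin: [198.51.100.7] plaintext bob SASL(-13): authentication failure: checkpass failed
""".splitlines()

def find_bans(lines, year=2007, maxretry=3, findtime=600, bantime=3600):
    """Return {ip: (ban_start, ban_end)} for IPs that reach maxretry
    failed logins within findtime seconds. Syslog lines carry no year,
    so the caller supplies one."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    bans = {}
    for line in lines:
        m = BADLOGIN.match(line)
        if not m:
            continue              # successful logins and unrelated lines
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in bans and ts < bans[ip][1]:
            continue              # still banned, nothing new to decide
        window = recent[ip]
        window.append(ts)
        # Drop failures that have aged out of the findtime window.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            bans[ip] = (ts, ts + timedelta(seconds=bantime))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, (start, end) in find_bans(SAMPLE).items():
        print(f"block {ip} from {start} until {end}")
```

Counting across both imap and pop3 lines matters here: the third failure in the sample arrives over POP3 and still completes the threshold for the same address.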