Access Control for POP3 / IMAP

[Bill Kearney]

Or just use iptables based on the number of failed password attempts.  Just
couple it with notification to someone so you don't end up locking out
someone that's connecting through a gateway at the same ISP.

I'd think it would also be useful to bump a message to the mailbox owner.
Both as a heads-up to let them know something's amiss, and for help
determining the source of the abuse.  Seeing the ip address, domain name or
traceroute back to a host might help connect the dots on the perpetrator.

I wouldn't tie this to valid sessions that authenticate.  I'd also want to
set up some sort of timer on the block to avoid something getting stuck
there longer than necessary.

-Bill Kearney

----- Original Message ----- 

> Hello,
>
> it seems some guy wants to hijack POP/IMAP accounts from time to time;
> trying out passwords by brute force. I'm not sure about the best way to
> handle this.
>
> - do you know of a (cyrus or non cyrus) way to block or slow down the
> access for an IP / username after n insuccessful login attempts?
>
> - is there a way to implement access policies for POP / IMAP access?
> (like POP polls only each n minutes, or bandwidth control?)