Access Control for POP3 / IMAP
Bill Kearney
wkearney99 at hotmail.com
Thu Feb 8 15:42:38 EST 2007
Or just use iptables based on the number of failed password attempts. Just
couple it with notification to someone so you don't end up locking out
someone that's connecting through a gateway at the same ISP.
I'd think it would also be useful to bump a message to the mailbox owner.
Both as a heads-up to let them know something's amiss, and for help
determining the source of the abuse. Seeing the ip address, domain name or
traceroute back to a host might help connect the dots on the perpetrator.
I wouldn't tie this to valid sessions that authenticate. I'd also want to
set up some sort of timer on the block to avoid something getting stuck
there longer than necessary.
-Bill Kearney
----- Original Message -----
> Hello,
>
> it seems some guy wants to hijack POP/IMAP accounts from time to time;
> trying out passwords by brute force. I'm not sure about the best way to
> handle this.
>
> - do you know of a (cyrus or non cyrus) way to block or slow down the
> access for an IP / username after n insuccessful login attempts?
>
> - is there a way to implement access policies for POP / IMAP access?
> (like POP polls only each n minutes, or bandwidth control?)
More information about the Cyrus-sasl
mailing list