Access Control for POP3 / IMAP

Huaqing Zheng huasome at gmail.com
Thu Feb 8 16:11:43 EST 2007


On 2/8/07, Martin Schwartz <martin.schwartz at java-info.de> wrote:
> Hello,
>
> it seems some guy wants to hijack POP/IMAP accounts from time to time;
> trying out passwords by brute force. I'm not sure about the best way to
> handle this.
>
> - do you know of a (cyrus or non cyrus) way to block or slow down the
> access for an IP / username after n unsuccessful login attempts?

Check out fail2ban.  It's a script that sits and looks at the logs of
your choice for failed access attempts and then adds iptables rules to
block IP addresses for a period of time based on the number of failed
access attempts.  Should be fairly easy to configure it to look at your
cyrus log and block brute force attacks.

-- 
Huaqing Zheng
Beer and Code Wrangler at Large
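
The count-failures-then-block logic described in the reply above, as an added example that is not part of the original post and is not fail2ban's own code. The log lines are constructed, modeled on Cyrus `badlogin` syslog entries (adjust the regex to your real log); `find_bans` is a hypothetical helper whose parameters mirror fail2ban's `maxretry`, `findtime` and `bantime` options.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = """\
Feb  8 16:00:01 mail imapd[2101]: badlogin: host-a [192.0.2.10] plaintext alice SASL(-13): authentication failure: checkpass failed
Feb  8 16:00:05 mail imapd[2101]: badlogin: host-a [192.0.2.10] plaintext bob SASL(-13): authentication failure: checkpass failed
Feb  8 16:00:07 mail imapd[2102]: login: host-c [203.0.113.5] carol plaintext User logged in
Feb  8 16:00:09 mail imapd[2101]: badlogin: host-a [192.0.2.10] plaintext root SASL(-13): authentication failure: checkpass failed
Feb  8 16:00:12 mail imapd[2101]: badlogin: host-a [192.0.2.10] plaintext admin SASL(-13): authentication failure: checkpass failed
Feb  8 16:01:00 mail pop3d[2200]: badlogin: host-b [198.51.100.7] plaintext dave SASL(-13): authentication failure: checkpass failed
Feb  8 16:20:00 mail pop3d[2201]: badlogin: host-b [198.51.100.7] plaintext dave SASL(-13): authentication failure: checkpass failed
Feb  8 16:21:00 mail pop3d[2202]: badlogin: host-b [198.51.100.7] plaintext dave SASL(-13): authentication failure: checkpass failed
"""

# Timestamp, then the client address in brackets after "badlogin:" (assumed layout).
BADLOGIN = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ (?:imapd|pop3d)\[\d+\]: "
    r"badlogin: [^\[]*\[([0-9a-fA-F.:]+)\]"
)

def find_bans(lines, maxretry=3, findtime=600, bantime=3600, year=2007):
    """Return {ip: (ban_start, ban_end)} for every IP that produced
    `maxretry` failed logins within `findtime` seconds."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    bans = {}
    for line in lines:
        m = BADLOGIN.match(line)
        if not m:
            continue              # successful logins and unrelated lines
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in bans and ts < bans[ip][1]:
            continue              # still blocked; a firewall would drop this
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # forget failures older than the window
        if len(window) >= maxretry:
            bans[ip] = (ts, ts + timedelta(seconds=bantime))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, (start, end) in find_bans(SAMPLE_LOG.splitlines()).items():
        print(f"block {ip} from {start} until {end}")
```

Keying the counter on the source IP, as here, does not slow down guessing against one username spread across many addresses, which is the other half of the original question.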

