how to limit pop/imap login password attempts

Martin Kraus lists_mk at
Wed Nov 21 08:27:53 EST 2007

  I've been trying to figure out, how to limit login attempts for cyrus
pop/imap daemons. I'm trying to prevent brute-force password guessing. I'm
using cyrus sasl with /etc/sasldb2 user database, which also authenticates
postfix users. I'd like to solve this problem through sasl so I won't have to
figure the same for postfix or keep different passwords for mailboxes and
smtp. Is there any mechanism to do this through sasl or do I have to try doing
it through a firewall? 

I'm running debian etch system. If imap and pop do not allow multiple login
attempts within a single session, I could try to work around this problem
using iptables with the recent module but it's like scratching your left ear
with your right hand around the back of your head.

thanks for any pointers
Martin Kraus

More information about the Info-cyrus mailing list