Or just use iptables based on the number of failed password attempts. Just couple it with notification to someone so you don't end up locking out someone that's connecting through a gateway at the same ISP. I'd think it would also be useful to bump a message to the mailbox owner. Both as a heads-up to let them know something's amiss, and for help determining the source of the abuse. Seeing the ip address, domain name or traceroute back to a host might help connect the dots on the perpetrator. I wouldn't tie this to valid sessions that authenticate. I'd also want to set up some sort of timer on the block to avoid something getting stuck there longer than necessary. -Bill Kearney ----- Original Message ----- > Hello, > > it seems some guy wants to hijack POP/IMAP accounts from time to time; > trying out passwords by brute force. I'm not sure about the best way to > handle this. > > - do you know of a (cyrus or non cyrus) way to block or slow down the > access for an IP / username after n insuccessful login attempts? > > - is there a way to implement access policies for POP / IMAP access? > (like POP polls only each n minutes, or bandwidth control?)
