On 2/8/07, Martin Schwartz <martin.schwartz@xxxxxxxxxxxx> wrote:
> Hello,
>
> it seems some guy wants to hijack POP/IMAP accounts from time to time; trying out passwords by brute force. I'm not sure about the best way to handle this.
>
> - do you know of a (cyrus or non cyrus) way to block or slow down the access for an IP / username after n unsuccessful login attempts?

Check out fail2ban. It's a script that sits and looks at the logs of your choice for failed access attempts and then adds iptables rules to block IP addresses for a period of time based on the number of failed access attempts. Should be fairly easy to configure it to look at your cyrus log and block brute force attacks.

--
Huaqing Zheng
Beer and Code Wrangler at Large
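
The approach the reply describes (count failed logins per source address in a log and block once a threshold is reached inside a time window), as an added sketch that is neither fail2ban's code nor part of the original messages. The log lines are constructed, modelled on Cyrus `badlogin` syslog entries; `find_offenders` is a hypothetical name, and its `maxretry`/`findtime` parameters borrow fail2ban's option names with defaults chosen for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = """\
Feb  8 10:15:01 mail cyrus/imap[2101]: badlogin: [192.0.2.10] plaintext alice SASL(-13): authentication failure: checkpass failed
Feb  8 10:15:09 mail cyrus/imap[2101]: badlogin: client.example.net [192.0.2.10] plaintext bob SASL(-13): authentication failure: checkpass failed
Feb  8 10:16:30 mail cyrus/pop3[2140]: badlogin: [198.51.100.7] plaintext carol SASL(-13): authentication failure: checkpass failed
Feb  8 10:17:42 mail cyrus/imap[2101]: badlogin: [192.0.2.10] plaintext root SASL(-13): authentication failure: checkpass failed
Feb  8 10:18:00 mail cyrus/imap[2177]: login: [203.0.113.5] dave plaintext User logged in
Feb  8 10:40:00 mail cyrus/pop3[2140]: badlogin: [198.51.100.7] plaintext carol SASL(-13): authentication failure: checkpass failed
Feb  8 10:41:00 mail cyrus/pop3[2140]: badlogin: [198.51.100.7] plaintext carol SASL(-13): authentication failure: checkpass failed
"""

# Assumed line layout: syslog prefix, "badlogin:", optional hostname, [client IP], ...
# Only the first bracketed value after "badlogin:" is taken as the address, so
# text in the later user-name field cannot supply a different one.
BADLOGIN = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ cyrus/\w+\[\d+\]: "
    r"badlogin: .*?\[(?P<ip>[0-9a-fA-F.:]+)\] "
)

def find_offenders(lines, maxretry=3, findtime=600, year=2007):
    """Map each IP to the time it reached maxretry failures within findtime seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    offenders = {}
    for line in lines:
        m = BADLOGIN.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        # Syslog timestamps carry no year and pad the day with spaces.
        stamp = " ".join(m["ts"].split())
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        failures = recent[m["ip"]]
        failures.append(ts)
        while ts - failures[0] > window:
            failures.popleft()    # forget failures older than the window
        if len(failures) >= maxretry and m["ip"] not in offenders:
            offenders[m["ip"]] = ts
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{when:%b %d %H:%M:%S} would block {ip}")
```

With the defaults, 198.51.100.7 is not flagged because its three failures are spread over more than `findtime` seconds; guessing slowly enough to stay under the window is the trade-off to weigh when choosing these thresholds.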