Miles Fidelman
2013-03-03 13:11:28 UTC
Hi Folks,
One of our users recently had her password compromised, and subsequently
had a bunch of spam sent through her email account. It looks to me,
like the compromise was the result of a weak password, coupled with
brute force cracking attempts against both our imap and smtp servers (at
least there are a LOT of failed authentication attempts logged).
Which has led me to wonder: For human logins, it's standard practice to
lock an account after some number of failed attempts - at least for a
few minutes, if not until someone intervenes. What with computers being
a LOT faster than humans, it occurs to me to wonder whether there's an
easy way to set imapd to lock out specific IP/username combinations
after some number of failed authentication attempts.
Suggestions?
Thanks very much,
Miles Fidelman
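The per-IP/username lockout asked about above, as an added example that is not part of the original post: it counts failed logins per (IP, username) pair in a sliding window and reports which pairs would be locked. The log format, `FAIL_RE`, `find_lockouts` and the thresholds are assumptions; enforcing the lock (firewall rule or authentication backend) is outside the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a hypothetical log format (assumption); real IMAP
# servers each log failures differently, so FAIL_RE must be adapted.
SAMPLE_LOG = """\
2013-03-03T13:00:01 imapd: auth failed user=alice rip=203.0.113.7
2013-03-03T13:00:05 imapd: auth failed user=alice rip=203.0.113.7
2013-03-03T13:00:09 imapd: auth failed user=Alice rip=203.0.113.7
2013-03-03T13:00:12 imapd: auth failed user=bob rip=198.51.100.4
2013-03-03T13:00:14 imapd: auth failed user=alice rip=203.0.113.7
2013-03-03T13:00:20 imapd: auth failed user=alice rip=203.0.113.7
2013-03-03T13:01:00 imapd: login ok user=bob rip=198.51.100.4
2013-03-03T13:10:00 imapd: auth failed user=carol rip=192.0.2.9
2013-03-03T13:20:00 imapd: auth failed user=carol rip=192.0.2.9
2013-03-03T13:30:00 imapd: auth failed user=carol rip=192.0.2.9
"""

FAIL_RE = re.compile(r"^(\S+) imapd: auth failed user=(\S+) rip=(\S+)$")


def find_lockouts(lines, max_failures=5, window=timedelta(minutes=5),
                  lock_for=timedelta(minutes=15)):
    """Return {(ip, user): locked_until} for each IP/username pair that
    reaches max_failures failed logins within a sliding time window."""
    recent = defaultdict(deque)   # (ip, user) -> timestamps of recent failures
    locked = {}
    for line in lines:
        m = FAIL_RE.match(line.strip())
        if not m:
            continue              # successes and unrelated lines are ignored
        ts = datetime.fromisoformat(m.group(1))
        # Usernames are compared case-insensitively (assumption).
        key = (m.group(3), m.group(2).lower())
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            locked[key] = ts + lock_for  # each further failure extends the lock
    return locked


if __name__ == "__main__":
    for (ip, user), until in find_lockouts(SAMPLE_LOG.splitlines()).items():
        print(f"lock {user} from {ip} until {until.isoformat()}")
```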