[ postfixadmin-Feature Requests-3413280 ] Limit Failed AUTH attempts?
Brought to you by:
christian_boltz,
gingerdog
Menu
▾
▴
[ postfixadmin-Feature Requests-3413280 ] Limit Failed AUTH attempts?
|
From: SourceForge.net <no...@so...> - 2011-09-25 21:58:03
|
Feature Requests item #3413280, was opened at 2011-09-23 13:47 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=3413280&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None >Status: Closed >Resolution: Wont Fix Priority: 5 Private: No Submitted By: Charles (libertytrek) Assigned to: Nobody/Anonymous (nobody) Summary: Limit Failed AUTH attempts? Initial Comment: I searched and didn't see an existing Feature Request for this, but may have missed something... Is it feasible/possible to add a function in postfixadmin that would temporarily lock out a user account after a configured number of AUTH attempt failures within a specifid time period? For example, consider a hack attempt on a specific users account - I'd like to be able to lock out a users account for, say, 5 minutes, after 3 failed AUTH attempts. So, after 3 failed attempts (bad password, any attempt to log in to that users account gets a TEMPFAIL for 5 minutes, then it will allow up to 3 more tries. Even better would be a way to lock it out permanently after 3 failed cycles on the same day. Anyway, not sure this is doable in postfixadmin, but it sure would add a large extra layer of security. Or... does anyone know if this is possible with fail2ban already? ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2011-09-25 23:58 Message: This is nothing that can be implemented in PostfixAdmin AFAIK, but it should be possible with fail2ban. Basically you need to scan the mail log for authentification failures, filter out the username (or IP) and configure fail2ban to act based on this. The easiest way is probably to block the IP, but AFAIK fail2ban can run any script - for example, you could write a small script that disables the login for the user under attack by setting a flag in the database. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=3413280&group_id=191583 |
