Smarter login failure blocking (dovecot/exim - pop3 imap smtp)

1 post Page 1 of 1
paulwilliamson
Junior Member
Posts: 8
Joined: 16 Dec 2013, 00:36


Hi,

I was wondering if it would be feasible to implement smarter blocking for login failures as per the following logic:

Do not consider multiple login attempts that use the same IP address, username, and password as separate failures if they occur within the same six-hour period.

We find that we spend a significant proportion of support-time helping customers get unblocked after they set a new email-account password, and they have multiple devices connecting from one location which automatically gets them blocked in the firewall, as the multiple devices are continuing to try with the old password repeatedly, and csf sees (LoginFailure + IP) and they are blocked.

I imagine you may need to do a custom log format for Dovecot/Exim in order to have the information needed to achieve this, and doing so in a secure way would be important.

I searched and was unable to find a similar request, so hoping I am not duplicating a thread.

This feature is present in CPHulk, however we absolutely prefer to use CSF.

Best regards,
Paul. :)
1 post Page 1 of 1