Tackling Password Brute-Forcing and Authentication Abuse

Since joining Open-Xchange last year, one of the security products that I’ve been closest to has been a project that started as a collaboration between our colleagues at PowerDNS and Dovecot, which tackles the thorny problem of large-scale authentication abuse at communications service providers (Authentication abuse includes password brute forcing, end-user account compromise, and denial of service attacks). That project has now evolved into Dovecot Anti-Abuse Shield,  which is a component of Dovecot Pro and which has just been released, and which includes connectors for Dovecot and AppSuite.Dovecot Anti-Abuse Shield, like all of our software, is primarily an open-source project, and represents the first true collaborative product between Dovecot, PowerDNS and Open-Xchange. The central server shares many common technical features with other products in the OX family, including a Lua scripting engine, which provides an extremely high performance mechanism to enforce customer authentication and authorization policies, a remote console, and a full REST API.Most ISPs and Mail Providers have some sort of email protection, but very few have protection for WebMail, POP and IMAP, which creates a problem for their abuse teams who often have to cobble together homegrown systems to try to detect and stop the abuse through these channels. Dovecot Anti-Abuse Shield solves this problem by providing a single system for handling abuse. It integrates with both OX App Suite and Dovecot Pro to protect against login and authentication abuse, brute force attacks and also to enforce common authentication and authorization policies across the platform.