[Dovecot] SQL/LDAP Lockouts?

Wouter Van Hemel wouter-dovecot at fort-knox.rave.org
Fri Dec 10 07:17:57 EET 2004


On Thu, 9 Dec 2004, Ben Beuchler wrote:

> On Thu, Dec 09, 2004 at 09:20:21PM +0000, Paul Reilly wrote:
>
>>> Then again, the convention net.wisdom at least -used- to be that this
>>> was a bad idea, because it became an easy DOS attack.
>>>
>> I take your point. But at the same time if there's no lockout mechanism
>> a brute force attack will eventually guess the passwords.
>
> Tarpitting seems like a good approach, here.
>
>

I was just about to mail the same. That might be a nice post-1.0 feature. 
Especially if more software will use dovecot for authentication.



More information about the dovecot mailing list