[Dovecot] Apple patches 6-8
Timo Sirainen
tss at iki.fi
Wed Dec 17 17:58:16 EET 2008
On Dec 17, 2008, at 5:47 PM, Jose Celestino wrote:
> Words by Mike Abbott [Wed, Dec 17, 2008 at 09:35:16AM -0600]:
>> Here are a few more patches. Still keeping it easy for now. Again
>> the
>> basis for these patches is dovecot-1.1.7.
>>
> [...]
>> Patch #8. Back off after auth failures to deter abusers. Stalls 5
>> seconds per failed attempt.
>
> Can you make #8 configurable? We already have a sleep on auth
> failure on
> the module that does the auth (checkpassword) with some extra checks
> (for instance does not sleep on autentications coming from our webmail
> servers because they already do that) so we may not want that enabled.
dovecot-auth already does internally a 0-2 second failure delay
(flushes failures every 2 seconds). Hmm. Wonder if the increased
waiting could be done by dovecot-auth instead. There you can already
disable the internal wait by returning a "nodelay" field from
checkpassword (maybe you do already?)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20081217/e444cd32/attachment.bin
More information about the dovecot
mailing list