[Dovecot] Apple patches 6-8

Timo Sirainen tss at iki.fi
Wed Dec 17 17:58:16 EET 2008


On Dec 17, 2008, at 5:47 PM, Jose Celestino wrote:

> Words by Mike Abbott [Wed, Dec 17, 2008 at 09:35:16AM -0600]:
>> Here are a few more patches.  Still keeping it easy for now.  Again  
>> the
>> basis for these patches is dovecot-1.1.7.
>>
> [...]
>> Patch #8.  Back off after auth failures to deter abusers.  Stalls 5
>> seconds per failed attempt.
>
> Can you make #8 configurable? We already have a sleep on auth  
> failure on
> the module that does the auth (checkpassword) with some extra checks
> (for instance does not sleep on autentications coming from our webmail
> servers because they already do that) so we may not want that enabled.

dovecot-auth already does internally a 0-2 second failure delay  
(flushes failures every 2 seconds). Hmm. Wonder if the increased  
waiting could be done by dovecot-auth instead. There you can already  
disable the internal wait by returning a "nodelay" field from  
checkpassword (maybe you do already?)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20081217/e444cd32/attachment.bin 


More information about the dovecot mailing list