[Dovecot] Delay on failed pw attempts
Stephen Usher
Stephen.Usher at earth.ox.ac.uk
Wed Jan 2 12:56:34 EET 2008
On 2 Jan 2008, at 10:43, Luigi Rosa wrote:
> Timo Sirainen said the following on 01/02/2008 11:39 AM:
>
>> A growing delay based
>> on remote IP address would be nice, but it would require keeping
>> track
>> of that information, which pretty much means that there would have
>> to be
>> a new separate process doing that. All of this would be so much
>> easier
>> to implement for v2.0 framework..
>
> IMHO this stuff is to be handled by IDS and firewall.
>
Unfortunately many (most) of the IDS appliances aren't tunable in this
way, they merely use content signatures. Firewalls are not designed to
do this at all. My experience with Cisco kit shows this to be true.
You also have to remember that the people managing the firewall/IDS
aren't necessarily the same people as those who run the mail services
and the latter may not have a direct influence upon the former.
As for if/when Dovecot should get this, well it's not imperative. It's
a feature which would be very nice to have but it's not a deal
breaker. Let's face it, I know of no other IMAP server systems which
currently have it. In this case, if it fits better into the v2.0
framework then it's probably best to wait until then but factor such
sorts of controls into the design at this early stage of development.
Steve
---------------------------------------------------------------------------
Computer Systems Administrator, E-Mail:-steve at earth.ox.ac.uk
Department of Earth Sciences, Tel:- +44 (0)1865
282110
University of Oxford, Parks Road, Oxford, UK. Fax:- +44 (0)1865
272072
More information about the dovecot
mailing list