[Dovecot] Auth failure delays

Timo Sirainen tss at iki.fi
Mon Nov 9 23:50:37 EET 2009


On Mon, 2009-11-09 at 16:41 -0500, Timo Sirainen wrote:
> On Mon, 2009-11-09 at 09:01 +0100, Steffen Kaiser wrote:
> > > Any thoughts?
> > 
> > The only two remarks I have are that some well-known IPs should be able to 
> > bypass this check, e.g. NATed gateways of the organisation 
> 
> Hmm. That seems like way too much trouble. Even just on/off setting
> annoys me.

Maybe:

 - If hash(user+password) has already been tried from the IP within n
minutes, trying it again wouldn't increase the delay.

But that might increase the memory usage too much.. But maybe it could
be limited to just n hashes and it wouldn't be too bad.

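The idea proposed in the message above, sketched as an added example; it is not Dovecot's code and not from the post. The class name, the doubling delay with a cap, the keyed HMAC, and all default values are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from collections import OrderedDict


class AuthPenalty:
    """Per-IP failure delay that does not grow on repeats of one user+password."""

    def __init__(self, window_secs=300, max_hashes=8, max_delay=16, key=None):
        self.window_secs = window_secs  # the "n minutes" from the post
        self.max_hashes = max_hashes    # the "n hashes" memory bound, per IP
        self.max_delay = max_delay      # assumed cap on the delay, in seconds
        # Random per-process key, so stored digests are useless outside this process.
        self.key = key or os.urandom(32)
        self.state = {}  # ip -> [delay_secs, OrderedDict(digest -> last_seen)]

    def _digest(self, user, password):
        # Length-prefix the user so ("ab", "c") and ("a", "bc") differ.
        msg = b"%d:%s%s" % (len(user), user, password)
        return hmac.new(self.key, msg, hashlib.sha256).digest()[:8]

    def record_failure(self, ip, user, password, now):
        """Register a failed login; return the delay in seconds now applied to ip."""
        entry = self.state.setdefault(ip, [0, OrderedDict()])
        seen = entry[1]
        # Entries are kept oldest-first; drop those that fell out of the window.
        while seen and next(iter(seen.values())) <= now - self.window_secs:
            seen.popitem(last=False)
        digest = self._digest(user.encode(), password.encode())
        if digest in seen:
            # Same credentials retried (e.g. a misconfigured client): no increase.
            seen[digest] = now
            seen.move_to_end(digest)
            return entry[0]
        seen[digest] = now
        if len(seen) > self.max_hashes:
            seen.popitem(last=False)  # bounded memory: forget the oldest hash
        entry[0] = min(self.max_delay, max(1, entry[0] * 2))
        return entry[0]


if __name__ == "__main__":
    # Constructed sample attempts: (ip, user, password, time in seconds).
    penalty = AuthPenalty()
    for attempt in [("192.0.2.1", "alice", "pw1", 0), ("192.0.2.1", "alice", "pw1", 10),
                    ("192.0.2.1", "alice", "pw2", 20)]:
        print(attempt, "->", penalty.record_failure(*attempt))
```

With a small `max_hashes`, a client that cycles through more distinct passwords than the limit evicts its own earlier hashes, so a later repeat counts as new; that is the memory trade-off the message mentions.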