[Dovecot] Auth failure delays
Timo Sirainen
tss at iki.fi
Mon Nov 9 23:50:37 EET 2009
On Mon, 2009-11-09 at 16:41 -0500, Timo Sirainen wrote:
> On Mon, 2009-11-09 at 09:01 +0100, Steffen Kaiser wrote:
> > > Any thoughts?
> >
> > The only two remarks I have are that some well-known IPs should be able to
> > bypass this check, e.g. NATed gateways of the organisation
>
> Hmm. That seems like way too much trouble. Even just on/off setting
> annoys me.
Maybe:
- If hash(user+password) has already been tried from the IP within n
minutes, trying it again wouldn't increase the delay.
But that might increase the memory usage too much.. But maybe it could
be limited to just n hashes and it wouldn't be too bad.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20091109/c16084cb/attachment.bin
More information about the dovecot
mailing list