[Dovecot] Feature request: usernames and passwords

Thanos Chatziathanassiou tchatzi at arx.net
Wed Jul 21 14:29:10 EEST 2010


A relatively recent development that spammers got wind of is users that 
have username==password, with/without the domain.
I am tracking numerous 1-off attempts from bots to gain access to 
mailboxes this way.
Situation isn't made any better if you're also using dovecot as SMTP 
AUTH provider for I am ashamed to admit I've relayed some spam that way.
Would it be possible to deny login if username==password with a 
(non?)polite/custom message to go change your password to something less 
obvious ?



More information about the dovecot mailing list