Dovecot password policy
Aki Tuomi
aki.tuomi at dovecot.fi
Fri Aug 5 16:12:55 UTC 2016
> On August 5, 2016 at 6:47 PM "Michael A. Peters" <mpeters at domblogger.net> wrote:
>
>
> On 08/05/2016 08:41 AM, Robert Blayzor wrote:
> > Is there a way to configure Dovecot to perhaps filter/enforce which passwords are accepted before authenticating?
> >
> > Ie: Reject immediately (without a database lookup) if password is not X characters in length?
> >
> > ?
> >
>
> Not sure what the benefit would be, other than helping automated bots
> figure out your minimum password length based upon the response time.
The response time will be same anyways.
Anyways. It is better to enforce this kind of thing when users define the password than during login.
Aki
More information about the dovecot
mailing list