On 05/02/2024 7:48 AM MDT Marc via dovecot dovecot@dovecot.org wrote:
auth_failure_delay = 2 secs ?
That will still simply wait before *rejecting* the login, compared to *dropping the connection*.
We are thus looking for three different behaviours:
If backend confrims auth, ACK auth + proceed (grant access) to email.
If backend confirm "no such user" or "invalid creds", wait for auth_failure_delay and then *reject* the login.
If the backend fails (ie, can neither confirm nor deny), simply drop the connection.
I hope this is more clear.
Yes that is more clear, but no idea (seems a little out of scope to support by design)
In complicated, localized authentication scenarios, Lua auth is likely the best answer. https://doc.dovecot.org/configuration_manual/authentication/lua_based_authen...
michael