17 Dec
2008
17 Dec
'08
5:47 p.m.
Words by Mike Abbott [Wed, Dec 17, 2008 at 09:35:16AM -0600]:
Here are a few more patches. Still keeping it easy for now. Again the basis for these patches is dovecot-1.1.7.
[...]
Patch #8. Back off after auth failures to deter abusers. Stalls 5
seconds per failed attempt.
Can you make #8 configurable? We already have a sleep on auth failure on the module that does the auth (checkpassword) with some extra checks (for instance does not sleep on autentications coming from our webmail servers because they already do that) so we may not want that enabled.
-- Jose Celestino | http://japc.uncovering.org/files/japc-pgpkey.asc
"One man’s theology is another man’s belly laugh." -- Robert A. Heinlein