2 Jan
2008
2 Jan
'08
1:46 a.m.
On Tue, 1 Jan 2008, Dean Brooks wrote:
Hi,
Is there a way, or can a way be added, to add an "auth_failed_delay=10s" style option that would put in an artificial delay after a failed password attempt?
As it stands now, Dovecot seems highly vulnerable to widescale brute-force password dictionary scans.
But not if you secure access to Dovecot using e.g. fail2ban. Why is adding complexity to Dovecot better than using a dedicated tool?
-- Asheesh.
-- Kites rise highest against the wind -- not with it. -- Winston Churchill