6 Mar
2006
6 Mar
'06
3:43 p.m.
On Mon, 2006-03-06 at 10:09 -0500, Bill Boebel wrote:
(sorry for the late response to this thread)
I would like to see hooks in the proxy that would allow somebody to build security features such as:
- per user concurrent connection limits
- per IP concurrent connection limits
- per user login rate limits
- per IP login rate limits
- IP access restrictions per user (looks like this is already possible)
- IP lockouts for brute force password crack attempts
The proxy is the right place for these features for us, but smaller sites might need these features in the main IMAP server.
I think dovecot-auth would be a good place to put all those restrictions. That would work with and without proxy. Since there can be multiple dovecot-auth processes, these would probably have to be kept in memory by yet another process which communicates with dovecot-auth processes. Or maybe master process could do it, hmm.