25 May
2022
25 May
'22
11 a.m.
On 2022-05-24, Hippo Man <hippoman@gmail.com> wrote:
- Hacker makes numerous login attempts one after the other with various passwords, and without disconnecting in between attempts. I've seen 10 and more of these repeated attempts rapidly during a single imap or pop3 connection.
"numerous" and "rapidly" sounds wrong; between auth_failure_delay (in a single connection) and the penalty mechanism for all connections from an IP address (https://doc.dovecot.org/configuration_manual/authentication/auth_penalty/) it should soon get beyond "rapidly".
Is there something in your config that disables this? Or is your idea of "rapidly" just different to mine?