Hi
I was looking into Pigeonhole behaviour in the case of managesieve receiving invalid input either before or after login. I can see that there are hard coded limits after 3 sequential bad commands prior to authentication and 20 after authentication.
I was wondering if there is a reason for those values. Sieve is a protocol that is used with software and except for the limited use case of testing it is not used by people typing manually.
I don't know of a lot of sieve clients. Unfortunately the one I used in Thunderbird is no longer maintained, so I only have roundcube. But do legitimate sieve clients in general make a lot of mistakes?
An additional doubt about errors that I am seeing is that differently to imap and pop3 there doen't appear to be a dedicated ssl port. I only have starttls configured. I do see what look like people trying to connect with ssl directly on port 4190, which with my configuration is never going to be valid.
I am attaching a very simple proposed patch to make the error limits configurable via the following settings in conf.d/20-managesieve.conf with defaults as per the existing hard coded ones:
managesieve_max_command_errors = 20 managesieve_login_max_command_errors = 3
I have similar doubts about imap error limits but I'll start with sieve ones.
John