7 Mar
2006
7 Mar
'06
8:39 a.m.
On Monday, March 6, 2006 15:43, Timo Sirainen said:
- per user concurrent connection limits
- per IP concurrent connection limits
- per user login rate limits
- per IP login rate limits
- IP access restrictions per user (looks like this is already possible)
- IP lockouts for brute force password crack attempts
I think dovecot-auth would be a good place to put all those restrictions. That would work with and without proxy. Since there can be multiple dovecot-auth processes, these would probably have to be kept in memory by yet another process which communicates with dovecot-auth processes. Or maybe master process could do it, hmm.
dovecot-auth might be able to make calls to Postfix's anvil server to track all of this data. Anvil serves a similar purpose for Postfix (and does a great job) and was designed so that it can be reused by other apps...
http://www.postfix.org/anvil.8.html
Bill