29 Oct 2008, 3:49 p.m.
I have been using UW's IMAP server and I am converting to Dovecot for Maildir support.
When a user fails authentication, or a user does not exist, it appears that the same message is used for these events.
Is there a way to indicate that the user does not exist (Invalid user), and authentication Failure (Failed Password)?
Clearly these two failures indicate a different error in the system. One indicates that someone forgot their password; the other indicates a dictionary attack.
Albert E. Whale, CHS CISA CISSP
Sr. Security, Network, Risk Assessment and Systems Consultant
ABS Computer Technology, Inc. http://www.ABS-CompTech.com - Email, Internet and Security Consultants
SPAMZapper http://www.Spam-Zapper.com - No-JunkMail.com http://www.No-JunkMail.com - *True Spam Elimination*.
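
The distinction drawn in the message above, shown as an added example that is not part of the original post: once the two failure reasons are logged separately, each source address can be triaged by the mix of reasons it produces. The log line format, the `reason=` values, the threshold and the function names are assumptions made for illustration, not Dovecot's actual log output.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical format (not Dovecot's real log
# output): timestamp, failure reason, attempted user, remote IP.
SAMPLE_LOG = """\
2008-10-29T15:40:01 auth-fail reason=unknown_user user=admin rip=203.0.113.7
2008-10-29T15:40:02 auth-fail reason=unknown_user user=test rip=203.0.113.7
2008-10-29T15:40:03 auth-fail reason=unknown_user user=oracle rip=203.0.113.7
2008-10-29T15:40:04 auth-fail reason=bad_password user=alice rip=203.0.113.7
2008-10-29T15:41:10 auth-fail reason=bad_password user=bob rip=198.51.100.20
2008-10-29T15:41:25 auth-fail reason=bad_password user=bob rip=198.51.100.20
2008-10-29T15:45:00 auth-fail reason=unknown_user user=bbo rip=198.51.100.20
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth-fail reason=(?P<reason>unknown_user|bad_password) "
    r"user=(?P<user>\S+) rip=(?P<rip>\S+)$"
)

def parse(log_text):
    """Yield (reason, user, rip) for every well-formed failure line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["reason"], m["user"], m["rip"]

def classify_sources(log_text, min_unknown_users=3):
    """Label each source IP from the mix of failure reasons it produced."""
    unknown = defaultdict(set)   # rip -> distinct nonexistent usernames tried
    bad_pw = defaultdict(set)    # rip -> existing users with a wrong password
    for reason, user, rip in parse(log_text):
        (unknown if reason == "unknown_user" else bad_pw)[rip].add(user)
    verdicts = {}
    for rip in sorted(set(unknown) | set(bad_pw)):
        if len(unknown[rip]) >= min_unknown_users:
            verdicts[rip] = "likely dictionary attack"
        elif len(bad_pw[rip]) == 1 and len(unknown[rip]) <= 1:
            verdicts[rip] = "likely forgotten password or typo"
        else:
            verdicts[rip] = "needs review"
    return verdicts

if __name__ == "__main__":
    for rip, verdict in classify_sources(SAMPLE_LOG).items():
        print(rip, verdict)
```

The separate reasons belong in the server-side log only; the reply sent to the client can stay identical for both cases so that the login prompt does not reveal which usernames exist.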