Am Freitag, den 05.06.2009, 02:26 -0400 schrieb Timo Sirainen:
On Jun 5, 2009, at 2:07 AM, henry ritzlmayr wrote:
Interesting for me is that you are on v1.2RC4. Timo wrote yersterday that with v1.2+ after every login failure the delay for the next
attempt should grow. When I take a look at your timestamps this is obviously
not working on your system.That's because the client disconnects between attempts. Currently the
delay increase is done only within a single session.
Ok, if thats so please really consider the possibility to disconnect a user if he/she provides the wrong credentials. Otherwise we would have to deal with two kinds of attackers on two places. The ones which don't disconnect themselves would have to be handled by dovecot (growing delay) and the ones which disconnect would have to be handled by firewall/fail2ban etc. I personally prefer (I'm sure you figured that already) a centralized approach on the firewall.
Have a nice trip to frisco Henry