slow logins over login_trusted_network
I've upgraded dovecot on my server to 2.3.9.
It works properly, but saslauthd, which uses it for rimap authentication over 127.0.0.1, works SLOW. You need to wait 15-20 seconds before authentication.
Only imap login over 127.0.0.1 is slowed down, while over any other IP it is quick.
I had this problem with an older version of dovecot, but it was about adding login_trusted_networks = 127.0.0.1
but I already have this and logins are slow.
How to disable throttling (or better - put other limits) for 127.0.0.1?
On 16/12/2019 16:54 Wojciech Puchar <wojtek@puchar.net> wrote:
> I've upgraded dovecot on my server to 2.3.9.
> It works properly, but saslauthd, which uses it for rimap authentication over 127.0.0.1, works SLOW. You need to wait 15-20 seconds before authentication.
> Only imap login over 127.0.0.1 is slowed down, while over any other IP it is quick.
> I had this problem with an older version of dovecot, but it was about adding login_trusted_networks = 127.0.0.1
> but I already have this and logins are slow.
> How to disable throttling (or better - put other limits) for 127.0.0.1?
Can you turn on auth_debug=yes and provide logs?
Aki
- Wojciech Puchar, 16.12.19 15:54
> I've upgraded dovecot on my server to 2.3.9.
> It works properly, but saslauthd, which uses it for rimap authentication over 127.0.0.1, works SLOW. You need to wait 15-20 seconds before authentication.
> Only imap login over 127.0.0.1 is slowed down, while over any other IP it is quick.
> I had this problem with an older version of dovecot, but it was about adding login_trusted_networks = 127.0.0.1
> but I already have this and logins are slow.
> How to disable throttling (or better - put other limits) for 127.0.0.1?
https://wiki2.dovecot.org/Upgrading/2.3 - look for "Localhost Auth Penalty"
HTH, Thomas
>> How to disable throttling (or better - put other limits) for 127.0.0.1?
> https://wiki2.dovecot.org/Upgrading/2.3 - look for "Localhost Auth Penalty"
That's certainly this.
But I am not an expert in this passdb system.
My current config is
passdb {
  driver=passwd-file
  args= username_format=%Lu /usr/local/etc/dovecot/aliasy
}
passdb {
  driver = pam
  # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
  # [cache_key=<key>] [<service name>]
  #args = dovecot
}
userdb {
  # <doc/wiki/AuthDatabase.Passwd.txt>
  driver = passwd
  # [blocking=no]
  #args =
  # Override fields from passwd
  #override_fields = home=/home/virtual/%u
}
where /usr/local/etc/dovecot/aliasy is a list of e-mail names to user account names like this
wojtek@puchar.net:::::::user=puchar-wojtek
How to properly do this?
- Wojciech Puchar, 16.12.19 18:04
>>> How to disable throttling (or better - put other limits) for 127.0.0.1?
>> https://wiki2.dovecot.org/Upgrading/2.3 - look for "Localhost Auth Penalty"
> That's certainly this.
> But I am not an expert in this passdb system.
> My current config is [...]
> where /usr/local/etc/dovecot/aliasy is a list of e-mail names to user account names like this
> wojtek@puchar.net:::::::user=puchar-wojtek
> How to properly do this?
I'm not an expert either, but I *think* you can just more or less literally copy/paste from the example in the link.
I.e., right before your passdb{} entry pointing to /usr/local/etc/dovecot/aliasy you would just insert another passdb{} entry as the very first one, namely the one from the link with exactly the same content (you could probably name the file differently to make its purpose more clear, like e.g. "/usr/local/etc/dovecot/passdb-override-auth-penalty"). The key point in this entry seems to be "noauthenticate=y", which I interpret as "read and use the file, but don't actually use it for authentication purposes".
Then, in the file itself, you probably only need the first line containing "127.0.0.1", again copy/pasted literally from the link. I interpret its contents as "for any connections coming from 127.0.0.1, apply 'nodelay=yes'", i.e. don't apply the default auth penalty delay.
Maybe an actual expert will prove me wrong, but at least my interpretation seems to make some sort of sense to me. :-)
HTH, Thomas
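The setup Thomas describes, written out against the configuration posted earlier in the thread. This is an added example, not part of the original messages and not copied from the Dovecot wiki. The override file name is the one Thomas suggests; `default_fields` and `%{rip}` are assumptions about how the linked example carries "noauthenticate=y" and keys the lookup on the client IP, so compare them with the wiki page before use.

```conf
# dovecot auth configuration. passdb blocks are consulted in order,
# so the override block has to be the very first one.

# 1) Lookup-only passdb keyed on the remote IP (%{rip}).
#    noauthenticate=y: no password is checked here; the entry only
#    contributes extra fields to the auth request.
passdb {
  driver = passwd-file
  args = username_format=%{rip} /usr/local/etc/dovecot/passdb-override-auth-penalty
  default_fields = noauthenticate=y
}

# 2) Existing alias map, unchanged.
passdb {
  driver = passwd-file
  args = username_format=%Lu /usr/local/etc/dovecot/aliasy
}

# 3) Existing PAM passdb, unchanged.
passdb {
  driver = pam
}

# Contents of /usr/local/etc/dovecot/passdb-override-auth-penalty
# (passwd-file layout, same as aliasy: key, seven colons, extra fields):
#
#   127.0.0.1:::::::nodelay=yes
#
# Only addresses listed in that file skip the failed-login delay.
# Everything that connects over loopback (here: saslauthd rimap) is
# then no longer slowed down after failed logins; other client IPs
# keep the auth penalty.
```

`doveconf -n` prints the effective configuration, which shows whether the override passdb really ends up first.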
>> How to properly do this?
> I'm not an expert either, but I *think* you can just more or less literally copy/paste from the example in the link.
> I.e., right before your passdb{} entry pointing to /usr/local/etc/dovecot/aliasy you would just
Thank you very much. Now it works properly.
Participants (3): Aki Tuomi, Thomas Zajic, Wojciech Puchar