[Dovecot] Dovecot as a smart IMAP proxy
Timo Sirainen
tss at iki.fi
Mon Mar 6 22:43:39 EET 2006
On Mon, 2006-03-06 at 10:09 -0500, Bill Boebel wrote:
> (sorry for the late response to this thread)
>
> I would like to see hooks in the proxy that would allow somebody to build
> security features such as:
>
> - per user concurrent connection limits
> - per IP concurrent connection limits
> - per user login rate limits
> - per IP login rate limits
> - IP access restrictions per user (looks like this is already possible)
> - IP lockouts for brute force password crack attempts
>
> The proxy is the right place for these features for us, but smaller sites
> might need these features in the main IMAP server.
I think dovecot-auth would be a good place to put all those
restrictions. That would work with and without proxy. Since there can be
multiple dovecot-auth processes, these would probably have to be kept in
memory by yet another process which communicates with dovecot-auth
processes. Or maybe master process could do it, hmm.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20060306/daca065e/attachment.pgp
More information about the dovecot
mailing list