[Dovecot] Apple patches 6-8
Jose Celestino
japc at co.sapo.pt
Wed Dec 17 17:47:51 EET 2008
Words by Mike Abbott [Wed, Dec 17, 2008 at 09:35:16AM -0600]:
> Here are a few more patches. Still keeping it easy for now. Again the
> basis for these patches is dovecot-1.1.7.
>
[...]
> Patch #8. Back off after auth failures to deter abusers. Stalls 5
> seconds per failed attempt.
Can you make #8 configurable? We already have a sleep on auth failure on
the module that does the auth (checkpassword) with some extra checks
(for instance does not sleep on autentications coming from our webmail
servers because they already do that) so we may not want that enabled.
--
Jose Celestino | http://japc.uncovering.org/files/japc-pgpkey.asc
----------------------------------------------------------------
"One man’s theology is another man’s belly laugh." -- Robert A. Heinlein
More information about the dovecot
mailing list