[Dovecot] Authentication Error Message formats
Albert E. Whale
aewhale at ABS-CompTech.com
Wed Oct 29 15:49:07 EET 2008
I have been using UW's IMAP server and I am converting to Dovecot for
Maildir support.
When a user fails authentication, or a user does not exist, it appears
that the same message is used for these events.
Is there a way to indicate that the user does not exist (Invalid user),
and authentication Failure (Failed Password)?
Clearly these two failures indicate a different error in the system.
One that some forgot their password, the other indicates a dictionary
attack.
--
Albert E. Whale, CHS CISA CISSP
Sr. Security, Network, Risk Assessment and Systems Consultant
------------------------------------------------------------------------
ABS Computer Technology, Inc. <http://www.ABS-CompTech.com> - Email,
Internet and Security Consultants
SPAMZapper <http://www.Spam-Zapper.com> - No-JunkMail.com
<http://www.No-JunkMail.com> - *True Spam Elimination*.
More information about the dovecot
mailing list