[Dovecot] Feature request: usernames and passwords
tchatzi at arx.net
Wed Jul 21 14:29:10 EEST 2010
A relatively recent development that spammers got wind of is users that
have username==password, with/without the domain.
I am tracking numerous 1-off attempts from bots to gain access to
mailboxes this way.
Situation isn't made any better if you're also using dovecot as SMTP
AUTH provider for I am ashamed to admit I've relayed some spam that way.
Would it be possible to deny login if username==password with a
(non?)polite/custom message to go change your password to something less
More information about the dovecot