[@lbutlr]

On 05 Jun 2020, at 11:27, Stephen Blackwell <stephenmac98 at gmail.com> wrote:
> I want to disable the time penalty for dovecot imap authentication. When receiving a valid user-password combo the server responds in .04 seconds. When I send in an invalid comination it will either respond in 1.544 or 2.044 seconds += .002

This is, of course, by design. Slowing down cracking software is a good thing.

> The issue is that with the 2 seconds delay for a bad login attempt, the tests are too slow to run in production

Yes, that is rather the point.

> I can see that the delay is defined in auth-penalty.h Is there a way, in the config file, to set AUTH_PENALTY_INIT_SECS = 0, or any other way to remove the time delay for an invalid login. 

Change the value and compile a non-production version of dovecot and run your tests there. Be sure to never run this on real users data.

> I do not want to make changes outside of the dovecot config file, password file, or run folder.

You can't always get what you want.



-- 
Beautiful dawn / Lights up the shore for me / There is nothing else
	in the world I'd rather see with you.