[Dovecot] SQL/LDAP Lockouts?

Ben Beuchler insyte at emt-p.org
Fri Dec 10 01:55:57 EET 2004


On Thu, Dec 09, 2004 at 09:20:21PM +0000, Paul Reilly wrote:

> > Then again, the convention net.wisdom at least -used- to be that this
> > was a bad idea, because it became an easy DOS attack.
> >
> I take your point. But at the same time if there's no lockout mechanism
> a brute force attack will eventually guess the passwords.

Tarpitting seems like a good approach, here.

-- 
Ben Beuchler                                           There is no spoon.
insyte at emt-p.org                                            -- The Matrix



More information about the dovecot mailing list