Hi, I've been trying to figure out, how to limit login attempts for cyrus pop/imap daemons. I'm trying to prevent brute-force password guessing. I'm using cyrus sasl with /etc/sasldb2 user database, which also authenticates postfix users. I'd like to solve this problem through sasl so I won't have to figure the same for postfix or keep different passwords for mailboxes and smtp. Is there any mechanism to do this through sasl or do I have to try doing it through a firewall? I'm running debian etch system. If imap and pop do not allow multiple login attempts within a single session, I could try to work around this problem using iptables with the recent module but it's like scratching your left ear with your right hand around the back of your head. thanks for any pointers Martin Kraus ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
