On 24/09/15 22:57, Michael D. Sofka wrote:
> The plaintextloginpause affects all POP3 connections, even those that
> are encrypted via pop3s or STARTTLS. Not that this is necessarily a
> bad thing.... But is it expected behaviour?
True for 2.4.18 and 2.5.6. Looking at the code in pop3d.c it is expected
behaviour. Looking at imapd.c as well it seems it should not affect TLS
protected connections.
I patched it a while ago for my local RPMs:
> --- pop3d.c.orig 2014-09-15 15:33:35.993293154 +0200
> +++ pop3d.c 2015-07-06 16:32:15.281275940 +0200
> @@ -1497,7 +1508,8 @@
> popd_userid, popd_subfolder ? popd_subfolder : "",
> popd_starttls_done ? "+TLS" : "", "User logged in", session_id());
>
> - if ((plaintextloginpause = config_getint(IMAPOPT_PLAINTEXTLOGINPAUSE))
> + if ((!popd_starttls_done) &&
> + (plaintextloginpause = config_getint(IMAPOPT_PLAINTEXTLOGINPAUSE))
> != 0) {
> sleep(plaintextloginpause);
> }
Greetings, Wolfgang
--
Wolfgang Breyha <wbreyha@xxxxxxx> | http://www.blafasel.at/
Vienna University Computer Center | Austria
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
