> -----Original Message----- > From: imp [mailto:imp-boun...@lists.horde.org] On Behalf Of Andy > Dorman > Sent: Thursday, September 08, 2016 4:35 PM > To: imp@lists.horde.org > Subject: Re: [imp] "horde imp" lock out after x failed login attempts > > On 09/08/2016 03:53 PM, Michael Martinell wrote: >> We have ours configured to use imp for authentication. Count bad >> logins is checked. Login_block_count is 5. Login_block_time is 5. >> Login_block is checked. >> >> It does not lock the user out even after several bad attempts. >> >> Michael Martinell >> Internet Systems Technician >> Interstate Telecommunications Coop., Inc. >> >> -----Original Message----- >> From: imp [mailto:imp-boun...@lists.horde.org] On Behalf Of Arjen de >> Korte >> Sent: Thursday, September 08, 2016 3:44 PM >> To: imp@lists.horde.org >> Subject: Re: [imp] "horde imp" lock out after x failed login attempts >> >> Citeren Michael Martinell <michael.martin...@itctel.com>: >> >>> We are looking for a way to lock a user out of webmail after a >>> configurable amount of failed login attempts. Preferably this would >>> redirect the user to a different web page directing them to call >>> support. I am unable to locate this information anywhere in the >>> documentation. What options exist that would support this? >> >> See the 'Authentication' tab in the Horde configuration. It will >> allow you to set limits on failed logins and how long to block users >> after this limit has been exceeded. >> >>> Michael Martinell >>> Internet Systems Technician >>> > > What do your logs say when this happens? > > This is what I see in the logs when I put in the wrong password. > Sep 9 08:03:40 www001 HORDE: [imp] [login] Mail server denied > authentication. [pid 14232 on line 730 of > "/usr/local/www/sites/horde5.itctel.com/imp/lib/Imap.php"] > Sep 9 08:03:40 www001 HORDE: [horde] FAILED LOGIN for itc_mmartinell > to horde (75.102.161.136) [pid 14232 on line 199 of > "/usr/local/www/sites/horde5.itctel.com/login.php"] > > > I can try it with the wrong password as many times as I want, but it > never seems to lock it out. As soon as I put in the correct password, > I immediately get logged in. It does not appear to be locking the > account for 5 minutes after 5 failed retries. > > In this case I failed to login 10 times, receiving the above message > every time. As soon as I put in the correct password I immediately > logged in without error. > > Sep 9 08:04:32 www001 HORDE: [imp] Login success for itc_mmartinell > (75.102.161.136) to {imap://mail001.internal.itctel.com/} [pid 14223 > on line 157 of > "/usr/local/www/sites/horde5.itctel.com/imp/lib/Auth.php"]
Do you have the History and Lock systems configured and working? -- Jan Schneider The Horde Project http://www.horde.org/ -- imp mailing list Frequently Asked Questions: http://wiki.horde.org/FAQ To unsubscribe, mail: imp-unsubscr...@lists.horde.org I am not sure where the documentation for these settings are at. Where are the instructions for this? Here is what I have: >From Imp conf.php $conf['maillog']['driver'] = 'history'; >From Horde conf.php $conf['auth']['params']['app'] = 'imp'; $conf['auth']['driver'] = 'application'; $conf['auth']['params']['count_bad_logins'] = true; $conf['auth']['params']['login_block'] = true; $conf['auth']['params']['login_block_count'] = 5; $conf['auth']['params']['login_block_time'] = 5; $conf['signup']['allow'] = false; -- imp mailing list Frequently Asked Questions: http://wiki.horde.org/FAQ To unsubscribe, mail: imp-unsubscr...@lists.horde.org