Well.. that's probably the way to go. Unfortunately, it's getting out of
my league now. Anyone think this is an interesting thing to do?
-Kittiwat
>From: "Karsten W. Rohrbach" <[EMAIL PROTECTED]>
> Markus Stumpf([EMAIL PROTECTED])@2001.04.24 19:47:37 +0000:
> > On Tue, Apr 24, 2001 at 11:48:09AM +0700, Kittiwat Manosuthi wrote:
> > > Anybody know how to delay failed authentication attempts to
prevent
> > > brute force pwd cracking on POP3 server using qmail & vpopmail?
> >
> > IMHO not out of the box.
> > But you surely could construct something in checkpassword that uses
> > a (process independent) ip related counter and just as you use POP
after SMTP
> > to enable relaying you could add
> > <ip>:deny
> > lines to your tcpserver control file.
> maybe add it to tcpserver?
> okay, it would have to have a scoreboard or whatever you might call it
> and so fopen() is invoked (maybe) too often... comments?
>
> /k
>
