Alexei Osipov created JAMES-1723:
------------------------------------

             Summary: Add protection from password bruteforcing
                 Key: JAMES-1723
                 URL: https://issues.apache.org/jira/browse/JAMES-1723
             Project: James Server
          Issue Type: New Feature
    Affects Versions: 3.0-beta4, Trunk, 3.0.0-beta5
            Reporter: Alexei Osipov


Right now James has no mechanisms of protection against password forcing.

For example, it's possible to connect to James via SMTP and execute the AUTH 
command as many times as needed to guess a user's password.

Common practices that may be used by James:
1) Force disconnect after a few unsuccessful AUTH requests.
2) Count failed AUTH requests by IP address and reject connections from that IP 
if the number of failures reaches some threshold.



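The two practices listed in the issue, sketched as an added example; this is not James code and not from the reporter. The Session and AuthFailureGuard names, the thresholds, the 10-minute window and the IPv6 /64 grouping are all assumptions chosen for illustration.

```python
import ipaddress
import time
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass
class Session:
    """Hypothetical per-connection state: one instance per SMTP connection."""
    ip: str
    failed_auths: int = 0

class AuthFailureGuard:
    def __init__(self, max_per_session=3, max_per_ip=10, window_s=600.0,
                 clock=time.monotonic):
        self.max_per_session = max_per_session
        self.max_per_ip = max_per_ip
        self.window_s = window_s
        self.clock = clock
        self._failures = defaultdict(deque)  # source key -> failure timestamps

    @staticmethod
    def _key(ip):
        # Assumption: treat an IPv6 /64 as one source, since one host
        # typically controls the whole prefix and can rotate addresses in it.
        addr = ipaddress.ip_address(ip)
        if addr.version == 6:
            return str(ipaddress.ip_network(f"{addr}/64", strict=False))
        return str(addr)

    def _recent(self, key):
        # Drop failures older than the window, then count what remains.
        q = self._failures[key]
        cutoff = self.clock() - self.window_s
        while q and q[0] <= cutoff:
            q.popleft()
        if not q:
            del self._failures[key]  # keep memory bounded by active sources
        return len(q)

    def connection_allowed(self, ip):
        """Practice 2: check at connect time, before AUTH is offered."""
        return self._recent(self._key(ip)) < self.max_per_ip

    def record_failure(self, session):
        """Practice 1: returns True when this connection must be closed."""
        # A later successful AUTH must not clear the per-IP history, or one
        # valid account would let a client reset its own counter.
        session.failed_auths += 1
        self._failures[self._key(session.ip)].append(self.clock())
        return (session.failed_auths >= self.max_per_session
                or not self.connection_allowed(session.ip))
```

Per-IP counting also affects legitimate users behind a shared NAT address, so the per-IP threshold is normally set well above the per-session one.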