~migadu/alps#162: 
Log failed authentication attempts

So that e.g. fail2ban can be configured to block users who are attempting credentials stuffing.

This could also be handled at the IMAP server, however alps is running on the same host, and it's not desirable to rate-limit connections from localhost.

Simply logging the failed login attempts with a clear pattern and the connecting user's IP allows a fail2ban rule to be added which offers some protection from this kind of abuse.

Status
REPORTED
Submitter
~mfashby
Assigned to
No-one
Submitted
8 months ago
Updated
8 months ago
Labels
No labels applied.