[imp] "horde imp" lock out after x failed login attempts

Michael Martinell michael.martinell at itctel.com
Fri Sep 9 13:08:57 UTC 2016 

This is what I see in the logs when I put in the wrong password.
Sep  9 08:03:40 www001 HORDE: [imp] [login] Mail server denied authentication. [pid 14232 on line 730 of "/usr/local/www/sites/horde5.itctel.com/imp/lib/Imap.php"]
Sep  9 08:03:40 www001 HORDE: [horde] FAILED LOGIN for itc_mmartinell to horde (75.102.161.136) [pid 14232 on line 199 of "/usr/local/www/sites/horde5.itctel.com/login.php"]


I can try it with the wrong password as many times as I want, but it never seems to lock it out.  As soon as I put in the correct password, I immediately get logged in.  It does not appear to be locking the account for 5 minutes after 5 failed retries.

In this case I failed to login 10 times, receiving the above message every time.  As soon as I put in the correct password I immediately logged in without error.

Sep  9 08:04:32 www001 HORDE: [imp] Login success for itc_mmartinell (75.102.161.136) to {imap://mail001.internal.itctel.com/} [pid 14223 on line 157 of "/usr/local/www/sites/horde5.itctel.com/imp/lib/Auth.php"]




Michael Martinell
Internet Systems Technician
Interstate Telecommunications Coop., Inc.

-----Original Message-----
From: imp [mailto:imp-bounces at lists.horde.org] On Behalf Of Andy Dorman
Sent: Thursday, September 08, 2016 4:35 PM
To: imp at lists.horde.org
Subject: Re: [imp] "horde imp" lock out after x failed login attempts

On 09/08/2016 03:53 PM, Michael Martinell wrote:
> We have ours configured to use imp for authentication.  Count bad logins is checked.  Login_block_count is 5.  Login_block_time is 5.  Login_block is checked.
>
> It does not lock the user out even after several bad attempts.
>
> Michael Martinell
> Internet Systems Technician
> Interstate Telecommunications Coop., Inc.
>
> -----Original Message-----
> From: imp [mailto:imp-bounces at lists.horde.org] On Behalf Of Arjen de 
> Korte
> Sent: Thursday, September 08, 2016 3:44 PM
> To: imp at lists.horde.org
> Subject: Re: [imp] "horde imp" lock out after x failed login attempts
>
> Citeren Michael Martinell <michael.martinell at itctel.com>:
>
>> We are looking for a way to lock a user out of webmail after a 
>> configurable amount of failed login attempts.  Preferably this would 
>> redirect the user to a different web page directing them to call 
>> support.  I am unable to locate this information anywhere in the 
>> documentation.  What options exist that would support this?
>
> See the 'Authentication' tab in the Horde configuration. It will allow you to set limits on failed logins and how long to block users after this limit has been exceeded.
>
>> Michael Martinell
>> Internet Systems Technician
>>

What do your logs say when this happens?

--
Andy Dorman

--
imp mailing list
Frequently Asked Questions: http://wiki.horde.org/FAQ To unsubscribe, mail: imp-unsubscribe at lists.horde.org

More information about the imp mailing list