[imp] "horde imp" lock out after x failed login attempts

Jan Schneider jan at horde.org
Fri Sep 9 13:33:12 UTC 2016 

Please don't top-post.

Zitat von Michael Martinell <michael.martinell at itctel.com>:

> -----Original Message-----
> From: imp [mailto:imp-bounces at lists.horde.org] On Behalf Of Andy Dorman
> Sent: Thursday, September 08, 2016 4:35 PM
> To: imp at lists.horde.org
> Subject: Re: [imp] "horde imp" lock out after x failed login attempts
>
> On 09/08/2016 03:53 PM, Michael Martinell wrote:
>> We have ours configured to use imp for authentication.  Count bad  
>> logins is checked.  Login_block_count is 5.  Login_block_time is 5.  
>>  Login_block is checked.
>>
>> It does not lock the user out even after several bad attempts.
>>
>> Michael Martinell
>> Internet Systems Technician
>> Interstate Telecommunications Coop., Inc.
>>
>> -----Original Message-----
>> From: imp [mailto:imp-bounces at lists.horde.org] On Behalf Of Arjen de
>> Korte
>> Sent: Thursday, September 08, 2016 3:44 PM
>> To: imp at lists.horde.org
>> Subject: Re: [imp] "horde imp" lock out after x failed login attempts
>>
>> Citeren Michael Martinell <michael.martinell at itctel.com>:
>>
>>> We are looking for a way to lock a user out of webmail after a
>>> configurable amount of failed login attempts.  Preferably this would
>>> redirect the user to a different web page directing them to call
>>> support.  I am unable to locate this information anywhere in the
>>> documentation.  What options exist that would support this?
>>
>> See the 'Authentication' tab in the Horde configuration. It will  
>> allow you to set limits on failed logins and how long to block  
>> users after this limit has been exceeded.
>>
>>> Michael Martinell
>>> Internet Systems Technician
>>>
>
> What do your logs say when this happens?
>
> This is what I see in the logs when I put in the wrong password.
> Sep  9 08:03:40 www001 HORDE: [imp] [login] Mail server denied  
> authentication. [pid 14232 on line 730 of  
> "/usr/local/www/sites/horde5.itctel.com/imp/lib/Imap.php"]
> Sep  9 08:03:40 www001 HORDE: [horde] FAILED LOGIN for  
> itc_mmartinell to horde (75.102.161.136) [pid 14232 on line 199 of  
> "/usr/local/www/sites/horde5.itctel.com/login.php"]
>
>
> I can try it with the wrong password as many times as I want, but it  
> never seems to lock it out.  As soon as I put in the correct  
> password, I immediately get logged in.  It does not appear to be  
> locking the account for 5 minutes after 5 failed retries.
>
> In this case I failed to login 10 times, receiving the above message  
> every time.  As soon as I put in the correct password I immediately  
> logged in without error.
>
> Sep  9 08:04:32 www001 HORDE: [imp] Login success for itc_mmartinell  
> (75.102.161.136) to {imap://mail001.internal.itctel.com/} [pid 14223  
> on line 157 of  
> "/usr/local/www/sites/horde5.itctel.com/imp/lib/Auth.php"]

Do you have the History and Lock systems configured and working?

-- 
Jan Schneider
The Horde Project
http://www.horde.org/

More information about the imp mailing list