[imp] "horde imp" lock out after x failed login attempts

Jan Schneider jan at horde.org
Mon Sep 12 13:59:43 UTC 2016 

Zitat von Michael Martinell <michael.martinell at itctel.com>:

>> -----Original Message-----
>> From: imp [mailto:imp-bounces at lists.horde.org] On Behalf Of Andy
>> Dorman
>> Sent: Thursday, September 08, 2016 4:35 PM
>> To: imp at lists.horde.org
>> Subject: Re: [imp] "horde imp" lock out after x failed login attempts
>>
>> On 09/08/2016 03:53 PM, Michael Martinell wrote:
>>> We have ours configured to use imp for authentication.  Count bad
>>> logins is checked.  Login_block_count is 5.  Login_block_time is 5.
>>>  Login_block is checked.
>>>
>>> It does not lock the user out even after several bad attempts.
>>>
>>> Michael Martinell
>>> Internet Systems Technician
>>> Interstate Telecommunications Coop., Inc.
>>>
>>> -----Original Message-----
>>> From: imp [mailto:imp-bounces at lists.horde.org] On Behalf Of Arjen de
>>> Korte
>>> Sent: Thursday, September 08, 2016 3:44 PM
>>> To: imp at lists.horde.org
>>> Subject: Re: [imp] "horde imp" lock out after x failed login attempts
>>>
>>> Citeren Michael Martinell <michael.martinell at itctel.com>:
>>>
>>>> We are looking for a way to lock a user out of webmail after a
>>>> configurable amount of failed login attempts.  Preferably this would
>>>> redirect the user to a different web page directing them to call
>>>> support.  I am unable to locate this information anywhere in the
>>>> documentation.  What options exist that would support this?
>>>
>>> See the 'Authentication' tab in the Horde configuration. It will
>>> allow you to set limits on failed logins and how long to block users
>>> after this limit has been exceeded.
>>>
>>>> Michael Martinell
>>>> Internet Systems Technician
>>>>
>>
>> What do your logs say when this happens?
>>
>> This is what I see in the logs when I put in the wrong password.
>> Sep  9 08:03:40 www001 HORDE: [imp] [login] Mail server denied
>> authentication. [pid 14232 on line 730 of
>> "/usr/local/www/sites/horde5.itctel.com/imp/lib/Imap.php"]
>> Sep  9 08:03:40 www001 HORDE: [horde] FAILED LOGIN for itc_mmartinell
>> to horde (75.102.161.136) [pid 14232 on line 199 of
>> "/usr/local/www/sites/horde5.itctel.com/login.php"]
>>
>>
>> I can try it with the wrong password as many times as I want, but it
>> never seems to lock it out.  As soon as I put in the correct password,
>> I immediately get logged in.  It does not appear to be locking the
>> account for 5 minutes after 5 failed retries.
>>
>> In this case I failed to login 10 times, receiving the above message
>> every time.  As soon as I put in the correct password I immediately
>> logged in without error.
>>
>> Sep  9 08:04:32 www001 HORDE: [imp] Login success for itc_mmartinell
>> (75.102.161.136) to {imap://mail001.internal.itctel.com/} [pid 14223
>> on line 157 of
>> "/usr/local/www/sites/horde5.itctel.com/imp/lib/Auth.php"]
>
> Do you have the History and Lock systems configured and working?
>
> --
> Jan Schneider
> The Horde Project
> http://www.horde.org/
>
> --
> imp mailing list
> Frequently Asked Questions: http://wiki.horde.org/FAQ To  
> unsubscribe, mail: imp-unsubscribe at lists.horde.org
>
> I am not sure where the documentation for these settings are at.   
> Where are the instructions for this?
>
> Here is what I have:
>
> From Imp conf.php
> $conf['maillog']['driver'] = 'history';
>
>
> From Horde conf.php
> $conf['auth']['params']['app'] = 'imp';
> $conf['auth']['driver'] = 'application';
> $conf['auth']['params']['count_bad_logins'] = true;
> $conf['auth']['params']['login_block'] = true;
> $conf['auth']['params']['login_block_count'] = 5;
> $conf['auth']['params']['login_block_time'] = 5;
> $conf['signup']['allow'] = false;

See the 'history' and 'lock' settings in Horde's conf.php.

-- 
Jan Schneider
The Horde Project
http://www.horde.org/

More information about the imp mailing list