Hi, Is there a way, or can a way be added, to add an "auth_failed_delay=10s" style option that would put in an artificial delay after a failed password attempt?
As it stands now, Dovecot seems highly vulnerable to widescale brute-force password dictionary scans. Even if it's not configurable, can a delay be hardcoded to something like, say, 10 or 15 seconds? -- Dean Brooks [EMAIL PROTECTED]
