Hi,
i have a problem with dovecot 2.0.13.
I have one dovecot in Front-end that has only:
passdb { driver = static args = proxy=y host=10.0.0.6 nopassword=y }
In Back-end i have one dovecot that does auth and exports imap/pop3 ports.
In dovecot's log of Front-end i see:
/Apr 02 14:33:34 imap-login: Info: proxy(//[email protected]/
<mailto:[email protected]>/): started proxying to
10.0.0.6:143: user=<//[email protected]/
<mailto:[email protected]>/>, method=PLAIN,
rip=//xx.xx.xx.xx//, lip=xx.xx.xx.xx, TLS
Apr 02 14:34:36 imap-login: Info: Disconnected: *Connection queue full
*(auth failed, 1 attempts): user=<//[email protected]/
<mailto:[email protected]>/>, method=PLAIN,
rip=//xx.xx.xx.xx//, lip=//xx.xx.xx.xx//, TLS/
I see this wiki page: http://wiki2.dovecot.org/LoginProcess but i read:
It works by using a number of long running login processes, each
handling a number of connections. This loses much of the security
benefits of the login process design, because in case of a security hole
(in Dovecot or SSL library) the attacker is now able to see other users
logging in and steal their passwords, read their mails, etc.
Is there another way?
Thanks
