Hi
I was looking into Pigeonhole behaviour in the case of managesieve
receiving invalid input either before or after login. I can see that
there are hard coded limits after 3 sequential bad commands prior to
authentication and 20 after authentication.
I was wondering if there is a reason for those values. Sieve is a
protocol that is used with software and except for the limited use case
of testing it is not used by people typing manually.
I don't know of a lot of sieve clients. Unfortunately the one I used in
Thunderbird is no longer maintained, so I only have roundcube. But do
legitimate sieve clients in general make a lot of mistakes?
An additional doubt about errors that I am seeing is that differently to
imap and pop3 there doen't appear to be a dedicated ssl port. I only
have starttls configured. I do see what look like people trying to
connect with ssl directly on port 4190, which with my configuration is
never going to be valid.
I am attaching a very simple proposed patch to make the error limits
configurable via the following settings in conf.d/20-managesieve.conf
with defaults as per the existing hard coded ones:
managesieve_max_command_errors = 20
managesieve_login_max_command_errors = 3
I have similar doubts about imap error limits but I'll start with sieve
ones.
John
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
