This is what I see in the logs when I put in the wrong password.
Sep 9 08:03:40 www001 HORDE: [imp] [login] Mail server denied authentication.
[pid 14232 on line 730 of
"/usr/local/www/sites/horde5.itctel.com/imp/lib/Imap.php"]
Sep 9 08:03:40 www001 HORDE: [horde] FAILED LOGIN for itc_mmartinell to horde
(75.102.161.136) [pid 14232 on line 199 of
"/usr/local/www/sites/horde5.itctel.com/login.php"]
I can try it with the wrong password as many times as I want, but it never
seems to lock it out. As soon as I put in the correct password, I immediately
get logged in. It does not appear to be locking the account for 5 minutes
after 5 failed retries.
In this case I failed to login 10 times, receiving the above message every
time. As soon as I put in the correct password I immediately logged in without
error.
Sep 9 08:04:32 www001 HORDE: [imp] Login success for itc_mmartinell
(75.102.161.136) to {imap://mail001.internal.itctel.com/} [pid 14223 on line
157 of "/usr/local/www/sites/horde5.itctel.com/imp/lib/Auth.php"]
Michael Martinell
Internet Systems Technician
Interstate Telecommunications Coop., Inc.
-----Original Message-----
From: imp [mailto:imp-boun...@lists.horde.org] On Behalf Of Andy Dorman
Sent: Thursday, September 08, 2016 4:35 PM
To: imp@lists.horde.org
Subject: Re: [imp] "horde imp" lock out after x failed login attempts
On 09/08/2016 03:53 PM, Michael Martinell wrote:
> We have ours configured to use imp for authentication. Count bad logins is
> checked. Login_block_count is 5. Login_block_time is 5. Login_block is
> checked.
>
> It does not lock the user out even after several bad attempts.
>
> Michael Martinell
> Internet Systems Technician
> Interstate Telecommunications Coop., Inc.
>
> -----Original Message-----
> From: imp [mailto:imp-boun...@lists.horde.org] On Behalf Of Arjen de
> Korte
> Sent: Thursday, September 08, 2016 3:44 PM
> To: imp@lists.horde.org
> Subject: Re: [imp] "horde imp" lock out after x failed login attempts
>
> Citeren Michael Martinell <michael.martin...@itctel.com>:
>
>> We are looking for a way to lock a user out of webmail after a
>> configurable amount of failed login attempts. Preferably this would
>> redirect the user to a different web page directing them to call
>> support. I am unable to locate this information anywhere in the
>> documentation. What options exist that would support this?
>
> See the 'Authentication' tab in the Horde configuration. It will allow you to
> set limits on failed logins and how long to block users after this limit has
> been exceeded.
>
>> Michael Martinell
>> Internet Systems Technician
>>
What do your logs say when this happens?
--
Andy Dorman
--
imp mailing list
Frequently Asked Questions: http://wiki.horde.org/FAQ To unsubscribe, mail:
imp-unsubscr...@lists.horde.org
--
imp mailing list
Frequently Asked Questions: http://wiki.horde.org/FAQ
To unsubscribe, mail: imp-unsubscr...@lists.horde.org
