Penalty timeout bug in pop3d
Pascal Gienger
Pascal.Gienger at uni-konstanz.de
Mon Sep 17 09:05:33 EDT 2007
Pascal Gienger <Pascal.Gienger at uni-konstanz.de> wrote:
> Hi,
>
> was there a special reason to "forget" the sleep(3) penalty timeout after
> an "invalid user" auth nak message?
>
> I did that because we had a POP3 client running wild while trying out
> unknown sasl users...
Imapd version is 2.3.9, diff -c is as follows:
# diff -c pop3d.c.orig pop3d.c
*** pop3d.c.orig Mon Sep 17 13:57:19 2007
--- pop3d.c Mon Sep 17 13:58:01 2007
***************
*** 1217,1226 ****
!(config_virtdomains && /* allow '.' in dom.ain */
(domain = strchr(userbuf, '@')) && (dot > domain))) ||
strlen(userbuf) + 6 > MAX_MAILBOX_NAME) {
- prot_printf(popd_out, "-ERR [AUTH] Invalid user\r\n");
syslog(LOG_NOTICE,
"badlogin: %s plaintext %s invalid user",
popd_clienthost, beautify_string(user));
}
else {
popd_userid = xstrdup(userbuf);
--- 1217,1227 ----
!(config_virtdomains && /* allow '.' in dom.ain */
(domain = strchr(userbuf, '@')) && (dot > domain))) ||
strlen(userbuf) + 6 > MAX_MAILBOX_NAME) {
syslog(LOG_NOTICE,
"badlogin: %s plaintext %s invalid user",
popd_clienthost, beautify_string(user));
+ sleep(3);
+ prot_printf(popd_out, "-ERR [AUTH] Invalid user\r\n");
}
else {
popd_userid = xstrdup(userbuf);
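Review bot: the added sleep(3) in the invalid-user branch is a bare constant with no comment, and the reordering that moves prot_printf() below it is what makes the penalty effective, so both deserve a note in the code. Suggest a short comment such as "penalty delay before answering an invalid user; keep the reply after the sleep" and a named constant instead of the literal 3, so a later cleanup does not move the -ERR line back above the delay. Logging before the sleep is good, since the badlogin entry gets the time of the attempt rather than the time of the reply. Note also that sleep() blocks this pop3d process for the full three seconds on every rejected user name, so a client that opens many connections holds that many processes idle; worth checking that the service's connection limits account for this.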
--
Pascal Gienger
Rechenzentrum Univ. Konstanz