I have been using UW's IMAP server and I am converting to Dovecot for Maildir support.
When a user fails authentication, or a user does not exist, it appears that the same message is used for these events. Is there a way to indicate that the user does not exist (Invalid user), and authentication Failure (Failed Password)? Clearly these two failures indicate a different error in the system. One indicates that someone forgot their password; the other indicates a dictionary attack.

--
Albert E. Whale, CHS CISA CISSP
Sr. Security, Network, Risk Assessment and Systems Consultant
------------------------------------------------------------------------
ABS Computer Technology, Inc. <http://www.ABS-CompTech.com> - Email, Internet and Security Consultants
SPAMZapper <http://www.Spam-Zapper.com> - No-JunkMail.com <http://www.No-JunkMail.com> - *True Spam Elimination*.
