This is an automated email from the ASF dual-hosted git repository. btellier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git
commit f590da44aa7ffaec4a087ccd305023777a0871e2 Author: Benoit Tellier <[email protected]> AuthorDate: Tue Feb 23 11:57:52 2021 +0700 JAMES-3504 POP3 should log authentication failures - Valuable diagnosis information - This also enables some `failtoban` like approach to mitigate brute force attacks --- .../src/main/java/org/apache/james/pop3server/core/PassCmdHandler.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/server/protocols/protocols-pop3/src/main/java/org/apache/james/pop3server/core/PassCmdHandler.java b/server/protocols/protocols-pop3/src/main/java/org/apache/james/pop3server/core/PassCmdHandler.java index eb3f944..6456d15 100644 --- a/server/protocols/protocols-pop3/src/main/java/org/apache/james/pop3server/core/PassCmdHandler.java +++ b/server/protocols/protocols-pop3/src/main/java/org/apache/james/pop3server/core/PassCmdHandler.java @@ -95,6 +95,9 @@ public class PassCmdHandler extends AbstractPassCmdHandler { MessageManager mailbox = manager.getMailbox(MailboxPath.inbox(mSession), mSession); return new MailboxAdapter(manager, mailbox, mSession); } catch (BadCredentialsException e) { + LOGGER.info("Bad credential supplied for {} with remote address {}", + session.getUsername().asString(), + session.getRemoteAddress().getAddress()); return null; } catch (MailboxException e) { throw new IOException("Unable to access mailbox for user " + session.getUsername().asString(), e); --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
