You are still not considering the possibility that somebody mounts a
denial of service attack. An attacker need only make three attempts
every ten minutes to permanently lock somebody out. And the attacker can
do that for every mailbox they know of on your system. How would you like
it if I set up a cron job to run every ten minutes to block
[EMAIL PROTECTED] I think you'd find it a little inconvenient.
What if the system tracked it by IP, and after three failures locked out connections from that IP for 10 minutes?
More secure and limits DoS to people who can initiate connections from your IP (or your proxy server if you use one).
-- Tom Collins [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/