search for: master_auth_server_timeout_secs

Hello, given the 2015 revision date, I was curious if anyone can confirm https://wiki2.dovecot.org/Timeouts is still accurate where the 'before login' IMAP timeout remains hard coded? We're having an issue where blocks of IP's from China and similar locations are crawling IP ranges trying common login credentials, and hanging the connections open in the process. We have clients

...+99,1 @@ -#define MASTER_LOGIN_TIMEOUT_SECS (3*60) +#define MASTER_LOGIN_TIMEOUT_SECS (31) Changing it to 31s still seems overly generous, but you can not set it lower unless you also change the next define /* auth server should abort auth requests before that happens */ #define MASTER_AUTH_SERVER_TIMEOUT_SECS (MASTER_LOGIN_TIMEOUT_SECS - 30) I really don't understand what this is about, but if this becomes zero, authentication breaks. Maybe (MASTER_LOGIN_TIMEOUT_SECS>>1) would be a safer definition. $ date; netcat 127.0.0.1 143; date Mon Feb 16 15:23:44 EST 2015 * OK [CAPA...