diff --git a/CHANGELOG.md b/CHANGELOG.md index 5154275f..aa10953c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,9 @@ - add guide to migrate chatmail to a new server ([#429](https://github.com/deltachat/chatmail/pull/429)) +- disable anvil authentication penalty + ([#414](https://github.com/deltachat/chatmail/pull/444) + - increase `request_queue_size` for UNIX sockets to 1000. ([#437](https://github.com/deltachat/chatmail/pull/437)) diff --git a/cmdeploy/src/cmdeploy/dovecot/dovecot.conf.j2 b/cmdeploy/src/cmdeploy/dovecot/dovecot.conf.j2 index f4b68f9e..d8965343 100644 --- a/cmdeploy/src/cmdeploy/dovecot/dovecot.conf.j2 +++ b/cmdeploy/src/cmdeploy/dovecot/dovecot.conf.j2 @@ -194,6 +194,15 @@ service imap-login { process_min_avail = 10 } +service anvil { + # We are disabling anvil penalty on failed login attempts + # because it can only detect brute forcing by IP address + # not by username. As the correct IP address is not handed + # to dovecot anyway, it is more of hindrance than of use. + # See for details. + unix_listener anvil-auth-penalty { mode = 0 } +} + ssl = required ssl_cert =