You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@james.apache.org by bt...@apache.org on 2021/02/25 09:06:51 UTC
[james-project] 03/12: JAMES-3504 POP3 should log authentication
failures
This is an automated email from the ASF dual-hosted git repository.
btellier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git
commit f590da44aa7ffaec4a087ccd305023777a0871e2
Author: Benoit Tellier <bt...@linagora.com>
AuthorDate: Tue Feb 23 11:57:52 2021 +0700
JAMES-3504 POP3 should log authentication failures
- Valuable diagnosis information
- This also enables some `failtoban` like approach to mitigate brute
force attacks
---
.../src/main/java/org/apache/james/pop3server/core/PassCmdHandler.java | 3 +++
1 file changed, 3 insertions(+)
diff --git a/server/protocols/protocols-pop3/src/main/java/org/apache/james/pop3server/core/PassCmdHandler.java b/server/protocols/protocols-pop3/src/main/java/org/apache/james/pop3server/core/PassCmdHandler.java
index eb3f944..6456d15 100644
--- a/server/protocols/protocols-pop3/src/main/java/org/apache/james/pop3server/core/PassCmdHandler.java
+++ b/server/protocols/protocols-pop3/src/main/java/org/apache/james/pop3server/core/PassCmdHandler.java
@@ -95,6 +95,9 @@ public class PassCmdHandler extends AbstractPassCmdHandler {
MessageManager mailbox = manager.getMailbox(MailboxPath.inbox(mSession), mSession);
return new MailboxAdapter(manager, mailbox, mSession);
} catch (BadCredentialsException e) {
+ LOGGER.info("Bad credential supplied for {} with remote address {}",
+ session.getUsername().asString(),
+ session.getRemoteAddress().getAddress());
return null;
} catch (MailboxException e) {
throw new IOException("Unable to access mailbox for user " + session.getUsername().asString(), e);
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org
For additional commands, e-mail: notifications-help@james.apache.org