Opened 2 years ago
Closed 4 months ago
#1487784 closed Bugs (fixed)
Login with wrong credentials slow due delay on Dovecot
| Reported by: | drdol | Owned by: | |
|---|---|---|---|
| Priority: | 3 | Milestone: | 0.9-rc |
| Component: | IMAP connection | Version: | 0.8.4 |
| Severity: | normal | Keywords: | dovecot login delay |
| Cc: |
Description (last modified by alec)
Introduced in Changeset 4122 (line 706), the code will loop over $auth_methods and will do count($auth_methods)-login attempts.
The IMAP connection look like:
A0001 ID (name "Roundcube Webmail" version 0.5.1 php 5.2.6-3 os Linux command /) A0002 AUTHENTICATE PLAIN BASE64ENCODING A0003 LOGIN mail@example.com password A0004 LOGOUT
If the IMAP-Server supports "AUTHENTICATE PLAIN", Roundcube tries to login twice, if the login credentials are incorrect. First using "AUTHENTICATE PLAIN" and "LOGIN" as a second attempt.
In older version of Roundcube, only "LOGIN" was supported.
The double check if the credentials cause some problems if Dovecot is in use. Dovecot will delay login with wrong credentials. This is mentioned here. Mentioned in the mailinglist, every wrong login attempt will increase the delay.
This delay has a negative impact for a user. The user sometimes has to wait 15 - 20 seconds to determine, that the user credentials are wrong, due the delay of the second login attempt with "LOGIN". IHMO after the first login failing the script should skip further tries to avoid delays.
The delay even increase, if to much wrong login attempts coming from the same IP.
Change History (6)
comment:1 Changed 2 years ago by alec
- Milestone changed from later to 0.6-beta
comment:2 Changed 2 years ago by drdol
Sorry, the link to the Dovecot mailinglist is wrong. Correct link is: Dovecot Auth failure delays
@alec: Thx, I will give it a try.
comment:3 Changed 2 years ago by alec
- Resolution set to fixed
- Status changed from new to closed
Fixed in [ab0b51a1].
comment:4 Changed 2 years ago by drdol
@alec: Thanx for the quick fix. It works as exacted.
comment:5 Changed 4 months ago by mceccarellitnx
- Milestone 0.6-beta deleted
- Resolution fixed deleted
- Status changed from closed to reopened
- Version changed from 0.5.1 to 0.8.4
I modify this ticket because i found a problem that we have pached.
Debugging fail login we have found a 5 second delay in rcube_imap_generic.php closeConnection().
At the end of authentication process RC call closeConnection and in closeConnection try to send the LOGOUT command to the imap server but in the case the user is not logged in this cause a 5 second delay (in our configuration with dovecot)
Original closeConnection (in rcube_imap_generic.php):
function closeConnection()
{
if ($this->putLine($this->nextTag() . ' LOGOUT')) {
$this->readReply();
}
$this->closeSocket();
}
Patched closeConnection:
function closeConnection()
{
if ($this->logged) {
if ($this->putLine($this->nextTag() . ' LOGOUT')) {
$this->readReply();
}
}
$this->closeSocket();
}
comment:6 Changed 4 months ago by alec
- Description modified (diff)
- Milestone set to 0.9-stable
- Resolution set to fixed
- Status changed from reopened to closed
Good catch, but you should open a new ticket. Fixed in 18372a236d459f2a098c8604a0f912f9aa728f98
You can set imap_auth_type.