v1.10.4

lib/consts.js

@@ -51,7 +51,8 @@ module.exports = {
     USER_AUTH_WINDOW: 120,
 
     // how many authentication failures per ip to allow before blocking until the end of the auth window
-    IP_AUTH_FAILURES: 10,
+    //IP_AUTH_FAILURES: 10,
+    IP_AUTH_FAILURES: 0, // disable IP rate limiting for now as too many false positives occurred while scanners use unique IPs
     // authentication window in seconds, starts counting from first invalid authentication
     IP_AUTH_WINDOW: 300,
 

lib/user-handler.js

@@ -261,7 +261,7 @@ class UserHandler {
      * @param  {Function} callback
      */
     rateLimitIP(meta, count, callback) {
-        if (!meta || !meta.ip) {
+        if (!meta || !meta.ip || !consts.IP_AUTH_FAILURES) {
             return callback(null, { success: true });
         }
         let wlKey = 'rl-wl';

package.json

@@ -1,6 +1,6 @@
 {
     "name": "wildduck",
-    "version": "1.10.3",
+    "version": "1.10.4",
     "description": "IMAP/POP3 server built with Node.js and MongoDB",
     "main": "server.js",
     "scripts": {
@@ -16,7 +16,7 @@
     "author": "Andris Reinman",
     "license": "EUPL-1.1+",
     "devDependencies": {
-        "ajv": "6.5.4",
+        "ajv": "6.5.5",
         "apidoc": "0.17.6",
         "browserbox": "0.9.1",
         "chai": "4.2.0",
@@ -24,7 +24,7 @@
         "eslint-config-nodemailer": "1.2.0",
         "eslint-config-prettier": "3.1.0",
         "grunt": "1.0.3",
-        "grunt-cli": "1.3.1",
+        "grunt-cli": "1.3.2",
         "grunt-eslint": "21.0.0",
         "grunt-mocha-test": "0.13.3",
         "grunt-shell-spawn": "0.3.10",
@@ -50,7 +50,7 @@
         "ioredfour": "1.0.2-ioredis-02",
         "ioredis": "4.2.0",
         "isemail": "3.2.0",
-        "joi": "14.0.3",
+        "joi": "14.0.4",
         "js-yaml": "3.12.0",
         "key-fingerprint": "1.1.0",
         "libbase64": "1.0.3",