diff --git a/lib/consts.js b/lib/consts.js index bf5b284d..5ba053b4 100644 --- a/lib/consts.js +++ b/lib/consts.js @@ -51,7 +51,8 @@ module.exports = { USER_AUTH_WINDOW: 120, // how many authentication failures per ip to allow before blocking until the end of the auth window - IP_AUTH_FAILURES: 10, + //IP_AUTH_FAILURES: 10, + IP_AUTH_FAILURES: 0, // disable IP rate limiting for now as too many false positives occurred while scanners use unique IPs // authentication window in seconds, starts counting from first invalid authentication IP_AUTH_WINDOW: 300, diff --git a/lib/user-handler.js b/lib/user-handler.js index ff8a03be..ed71cbb1 100644 --- a/lib/user-handler.js +++ b/lib/user-handler.js @@ -261,7 +261,7 @@ class UserHandler { * @param {Function} callback */ rateLimitIP(meta, count, callback) { - if (!meta || !meta.ip) { + if (!meta || !meta.ip || !consts.IP_AUTH_FAILURES) { return callback(null, { success: true }); } let wlKey = 'rl-wl'; diff --git a/package.json b/package.json index 3436f654..54e283f5 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "wildduck", - "version": "1.10.3", + "version": "1.10.4", "description": "IMAP/POP3 server built with Node.js and MongoDB", "main": "server.js", "scripts": { @@ -16,7 +16,7 @@ "author": "Andris Reinman", "license": "EUPL-1.1+", "devDependencies": { - "ajv": "6.5.4", + "ajv": "6.5.5", "apidoc": "0.17.6", "browserbox": "0.9.1", "chai": "4.2.0", @@ -24,7 +24,7 @@ "eslint-config-nodemailer": "1.2.0", "eslint-config-prettier": "3.1.0", "grunt": "1.0.3", - "grunt-cli": "1.3.1", + "grunt-cli": "1.3.2", "grunt-eslint": "21.0.0", "grunt-mocha-test": "0.13.3", "grunt-shell-spawn": "0.3.10", @@ -50,7 +50,7 @@ "ioredfour": "1.0.2-ioredis-02", "ioredis": "4.2.0", "isemail": "3.2.0", - "joi": "14.0.3", + "joi": "14.0.4", "js-yaml": "3.12.0", "key-fingerprint": "1.1.0", "libbase64": "1.0.3",