Manpage logo

user_filter - Service plugin for application of user login limits

Name  Description  Configuration directives (gromox.cfg)  See also 

Name

user_filter — Service plugin for application of user login limits

Description

This plugin implements two core ideas (each independently configurable):

A mechanism for banning user identities for a set time window. When a user repeatedly fails to successfully authenticate, the http(8gx), imap(8gx), pop3(8gx) daemons can add the user to this list and set a time during which all authentication requests for the user are rejected. This is a bit like fail2ban, but operates on usernames rather than hosts/IP addresses.

A mechanism for rate-limiting authentication attempts. Whenever a user tries to authenticate, the daemons convey the occurrence to the user_filter plugin, and the plugin ensures that only a given amount of attempts can be made per time quantum, per user. This is a bit like iptables -m (hash)limit.

Configuration directives (gromox.cfg)

userfilter_icase

Treat usernames as case-insensitive within the user_filter plugin.
Default: true

userfilter_maxbans

Controls how much memory the banlist mechanism of user_filter is allowed to use at most, by limiting the number of unique usernames recorded. The list replacement policy is none (so, slightly different from MRU). The value 0 therefore deactivates user_filter’s banlist mechanism.
Default: 1000

userfilter_maxusers

Controls how much memory the rate-limiting mechanism of user_filter is allowed to use at most, by limiting the number of unique usernames. The list replacement policy is none. The value 0 therefore deactivates user_filter’s rate-limiting mechanism.
Default: 0

userfilter_rl_maxtries

Rate-limit all authentication calls to rl_maxtries per rl_window. Note that there can be a lot of requests, particularly over MAPI/HTTP since every single HTTP request counts as one attempt. (Opening a message with MFCMAPI already incurs 4 HTTP requests. The Windows EMSMDB connector is anything but efficient.)
Default: 10

userfilter_rl_window

Rate-limit all authentication attempts to rl_maxtries per rl_window.
Default: 1minute

See also

gromox(7)

Updated 2026-06-01 - jenkler.se | uex.se