From 64bc7972cc41ad0cf42eb23a7fb8fefb3f97cd2d Mon Sep 17 00:00:00 2001
From: Florent Daigniere
Date: Fri, 24 Sep 2021 09:57:28 +0200
Subject: [PATCH] Make AUTH_RATELIMIT_IP 60/hour as discussed

---
 core/admin/mailu/configuration.py | 2 +-
 docs/configuration.rst | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/admin/mailu/configuration.py b/core/admin/mailu/configuration.py
index b0a1bf7b..fa6723f1 100644
--- a/core/admin/mailu/configuration.py
+++ b/core/admin/mailu/configuration.py
@@ -36,7 +36,7 @@ DEFAULT_CONFIG = {
 'TLS_FLAVOR': 'cert',
 'INBOUND_TLS_ENFORCE': False,
 'DEFER_ON_TLS_ERROR': True,
- 'AUTH_RATELIMIT_IP': '10/hour',
+ 'AUTH_RATELIMIT_IP': '60/hour',
 'AUTH_RATELIMIT_IP_V4_MASK': 24,
 'AUTH_RATELIMIT_IP_V6_MASK': 56,
 'AUTH_RATELIMIT_USER': '100/day',
diff --git a/docs/configuration.rst b/docs/configuration.rst
index 73b56204..c736f30b 100644
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@@ -39,7 +39,7 @@ address. The ``WILDCARD_SENDERS`` setting is a comma delimited list of user email addresses that are allowed to send emails from any existing address (spoofing the sender).
-The ``AUTH_RATELIMIT_IP`` (default: 10/hour) holds a security setting for fighting
+The ``AUTH_RATELIMIT_IP`` (default: 60/hour) holds a security setting for fighting
 attackers that waste server ressources by trying to guess user passwords (typically using a password spraying attack). The value defines the limit of authentication attempts that will be processed on non-existing accounts for a specific IP subnet
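Review bot: The new default `'AUTH_RATELIMIT_IP': '60/hour'` on the + line loosens the per-subnet throttle sixfold with no in-code record of why; the subject says "as discussed", but that discussion is not reachable from configuration.py. According to the docs hunk this value is the limit on authentication attempts against non-existing accounts for one IP subnet (bucketed by the AUTH_RATELIMIT_IP_V4_MASK / AUTH_RATELIMIT_IP_V6_MASK entries on the following context lines), so a maintainer retuning it later needs to know which failure mode the higher value was chosen to avoid, presumably lockouts of legitimate users sharing a /24 or /56. Suggest a comment above the key, e.g. `# attempts on non-existing accounts per subnet (see *_MASK below); raised from 10/hour, see <LINK-TO-DISCUSSION>` with the placeholder replaced by the actual reference. The DEFAULT_CONFIG dict opens and closes outside this hunk.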