@ -40,11 +40,12 @@ address.
The ``WILDCARD_SENDERS`` setting is a comma delimited list of user email addresses
that are allowed to send emails from any existing address (spoofing the sender).
The ``AUTH_RATELIMIT_IP`` (default: 60/hour) holds a security setting for fighting
attackers that waste server resources by trying to guess user passwords (typically
using a password spraying attack). The value defines the limit of authentication
attempts that will be processed on non-existing accounts for a specific IP subnet
(as defined in ``AUTH_RATELIMIT_IP_V4_MASK`` and ``AUTH_RATELIMIT_IP_V6_MASK`` below).
The ``AUTH_RATELIMIT_IP`` (default: 5/hour) holds a security setting for fighting
attackers that attempt a password spraying attack. The value defines the limit of
authentication attempts that will be processed on **distinct** non-existing
accounts for a specific IP subnet as defined in
``AUTH_RATELIMIT_IP_V4_MASK`` (default: /24) and
``AUTH_RATELIMIT_IP_V6_MASK`` (default: /56).
The ``AUTH_RATELIMIT_USER`` (default: 100/day) holds a security setting for fighting
attackers that attempt to guess a user's password (typically using a password
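
Review bot: The new ``AUTH_RATELIMIT_IP`` paragraph applies a 5/hour default to a whole /24 or /56 but does not say what a client sees once the limit is reached, nor that every host behind one NAT or proxy shares the same subnet counter. With the default dropping from 60/hour to 5/hour, operators need that to judge whether a few mistyped addresses from one office can block logins for the rest of the subnet. I would add one sentence on the behaviour when the limit is hit, and one stating explicitly that repeated attempts against the same non-existing address count once, since the bold "distinct" is the only hint of that. The rewrite also drops the old sentence's mention of attackers wasting server resources; if that motivation still applies, keep it, otherwise the commit message should say why it was removed.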