Mailu: Ratelimit only failed authentications

Created on 7 Oct 2018 · 5 Comments · Source: Mailu/Mailu

Currently the rate limiting happens for all authentications; it would make much more sense to limit only if it's a brute force, i.e. many failed logins.

With the current implementation I get complaints from some of my users who send (legitimate) newsletters, and it feels wrong to set the limit higher because then brute-forcing is much easier.

type: enhancement
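The behaviour this issue asks for (count only failed logins per source, and let a successful login clear the counter) side by side with the current "count every attempt" behaviour, as an added Python example that is not Mailu's code; the limit, window, source addresses and attempt sequences are constructed for illustration.

```python
import time
from collections import defaultdict, deque

class AuthRateLimiter:
    """Per-source authentication limiter (hypothetical, not Mailu's implementation).
    count_failures_only=False counts every attempt, as the issue complains about;
    True counts only failed logins, and a successful login clears that source."""
    def __init__(self, limit, window_seconds, count_failures_only, clock=time.monotonic):
        self.limit, self.window = limit, window_seconds
        self.failures_only = count_failures_only
        self.clock = clock                       # injectable so runs are deterministic
        self.events = defaultdict(deque)         # source -> timestamps of counted attempts

    def _prune(self, source, now):
        q = self.events[source]
        while q and now - q[0] >= self.window:   # drop attempts older than the window
            q.popleft()

    def is_blocked(self, source):
        now = self.clock()
        self._prune(source, now)
        return len(self.events[source]) >= self.limit

    def record(self, source, success):
        """Record one authentication outcome; returns True if it counted against the limit."""
        now = self.clock()
        self._prune(source, now)
        if success and self.failures_only:
            self.events[source].clear()          # a valid login is not a brute-force signal
            return False
        self.events[source].append(now)
        return True

def simulate(limiter, attempts):
    """attempts: (source, success) pairs in order; returns 'ok' / 'failed' / 'blocked' per attempt."""
    out = []
    for source, success in attempts:
        if limiter.is_blocked(source):
            out.append("blocked")
            continue
        limiter.record(source, success)
        out.append("ok" if success else "failed")
    return out

# Constructed scenarios: at most 3 counted attempts per 60 s from one source.
NEWSLETTER = [("192.0.2.10", True)] * 5          # legitimate MUA reconnecting for every mail
BRUTE_FORCE = [("192.0.2.20", False)] * 5        # password guessing from one source
MIXED = [("192.0.2.30", s) for s in (False, False, True, False, False, False, False)]

def compare(attempts):
    # Same attempts through "count everything" (current) and "failures only" (proposed).
    clock = lambda: 0.0                          # frozen clock: nothing expires mid-run
    current = AuthRateLimiter(3, 60, count_failures_only=False, clock=clock)
    proposed = AuthRateLimiter(3, 60, count_failures_only=True, clock=clock)
    return simulate(current, attempts), simulate(proposed, attempts)
```

With the current behaviour the newsletter sender is blocked after three valid logins; with failures-only counting, only the brute-force source is blocked, and a real login in the middle of a guessing run resets that source's counter.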

All 5 comments

I am not opposed to this, but one should not need to authenticate fast, even with valid credentials, because (a) it uses a lot of resources (pbkdf is expensive) and (b) one should be able to authenticate, then use the connection to send multiple mails or perform multiple actions.

I agree… but things like msmtp don't support re-using a connection :(

Okay. Then my intuition would be to:

  1. Take the opportunity to remove the need for new connections in most cases, starting with the webmail, for instance, which has become an issue.
  2. Provide documentation on best practice to authenticate once and keep the connection open, so we do not create a DoS vulnerability by removing the rate limit.

One option for dealing with incompatible MUAs is to set up an MTA for the job; Postfix itself has a connection cache, for instance.

I just re-branded your nice #635, which greatly improves authentication performance. Maybe this is not required anymore. See #667.

Not sure if related (but I guess it is). When Rainloop is used and a user switches between different folders quickly:

2019/09/26 13:51:11 [info] 8#8: *9185 client login failed: "Authentication rate limit from one source exceeded" while in http auth state, client: 192.168.203.13, server: 0.0.0.0:10143, login: "[email protected]"