Starting from v8.2.11, the product supports displaying CAPTCHA on login screen, ensuring that only humans can log into WebMail Lite interface.
This functionality makes use of Google reCAPTCHA service and it's provided by RecaptchaWebclientPlugin module.
The plugin is configured by editing
data/settings/modules/RecaptchaWebclientPlugin.config.json configuration file, by default it looks like this:
To enable this functionality, set Disabled to false. You'll need to supply PublicKey and PrivateKey values, those are obtained at reCAPTCHA web site. The key pair can be obtained for specific domain or set of domains. NB: Make sure to select version 2 of reCAPTCHA.
LimitCount value denotes number of unsuccessful login attempts required for CAPTCHA to be displayed. If it's set to 0, CAPTCHA is always displayed; if set to 3, it will only be displayed upon 3 failed login attempts.
In v8.3.18 we've added a new configuration value RequestMethod denoting request method used by API and set to "post" by default. If you encounter issue while setting up this module, try setting RequestMethod to either "curlpost" or "socketpost" instead.
Also, in v8.8 we've added WhitelistIPs configuration option. The idea behind the setting is to supply a list of IP addresses CAPTCHA will never be displayed for. Addresses need to be supplied as array, like this:
NB: If the above values are missing in your configuration file, make sure you're on the latest version, and try clicking "Update configuration" button in Database Settings screen of WebMail Lite admin interface.