cyrus pop3 question
list at joreybump.com
Wed Apr 16 17:18:58 EDT 2008
Corey wrote, at 04/16/2008 04:29 PM:
> I just had an experience where my server was getting slammed with thousands
> of concurrent pop3 requests. This went on for over an hour before it finally
> ceased, at which point I was able to start cyrus again.
> Anyhow, what are some mechanisms to prevent this in the future?
I've managed to stop such brute force password attacks by requiring
encryption for all connections in imapd.conf:
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
Your environment may be different and require some tweaking. Test
thoroughly after making the changes. So far, I've only seen plaintext
brute force attacks against POP3, so maybe it's a limitation of current
malware. Nearly all modern clients can deal with this restriction, and
it's good best practice.
More information about the Info-cyrus