Connection throttling POP3.
Jonathan Villa
jVilla at innovativesource.net
Mon May 21 15:43:26 EDT 2007
For a temporary solution... use IPTABLES
iptables -s 83.209.35.32 -j DROP
or something like that. I think that will drop ALL connections from the IP.
----- Original Message -----
From: Matthew Schumacher <matt.s at aptalaska.net>
Sent: Mon, 5/21/2007 2:40pm
To: info-cyrus at lists.andrew.cmu.edu
Subject: Connection throttling POP3.
List,
I'm getting some spammer trying to guess usernames and passwords:
May 21 11:01:55 larry pop3[5845]: badlogin: [83.209.35.32] plaintext bob
SASL(-13): authentication failure: checkpass failed
May 21 11:01:54 larry pop3[5860]: badlogin: [83.209.35.32] plaintext
complaints SASL(-13): authentication failure: checkpass failed
May 21 11:01:56 larry pop3[5922]: badlogin: [83.209.35.32] plaintext
diablo SASL(-13): authentication failure: checkpass failed
May 21 11:01:58 larry pop3[5924]: badlogin: [83.209.35.32] plaintext
darren SASL(-13): authentication failure: checkpass failed
May 21 11:02:00 larry pop3[5927]: badlogin: [83.209.35.32] plaintext
dallas SASL(-13): authentication failure: checkpass failed
May 21 11:02:00 larry pop3[5939]: badlogin: [83.209.35.32] plaintext
edgar SASL(-13): authentication failure: checkpass failed
May 21 11:02:01 larry pop3[5945]: badlogin: [83.209.35.32] plaintext
cristopher SASL(-13): authentication failure: checkpass failed
May 21 11:02:02 larry pop3[5965]: badlogin: [83.209.35.32] plaintext
easter SASL(-13): authentication failure: checkpass failed
May 21 11:02:10 larry pop3[5964]: badlogin: [83.209.35.32] plaintext
felicia SASL(-13): authentication failure: checkpass failed
And this spammer is racking up a zillion processes which is killing my
machine. I need a way to throttle this somehow where he is only allowed
one connection per IP at a time, or perhaps a way to ignore them after
so many invalid passwords.
Anyone know of a way to do this?
schu
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list