Connection throttling POP3.

Gary Mills mills at cc.umanitoba.ca
Mon May 21 17:03:44 EDT 2007


On Mon, May 21, 2007 at 03:36:34PM -0500, Blake Hudson wrote:
> Andrew Morgan wrote:
> > On Mon, 21 May 2007, Matthew Schumacher wrote:
> >
> >> And this spammer is racking up a zillion processes which is killing my
> >> machine.  I need a way to throttle this somehow where he is only allowed
> >> one connection per IP at a time, or perhaps a way to ignore them after
> >> so many invalid passwords.

One-connection-per-IP only works when the users have individual IP
addresses.  If they're on a multi-user server or behind a proxy server,
this won't work.

> > You can use tcp-wrappers to block connections from that IP address
> > entirely.  I believe there are also some solutions to monitor
> > connections and automatically add IP addresses to the /etc/hosts.deny
> > file, but I've never used them myself.
> 
> These types of threats are becoming more and more common and in reaction
> awareness is increasing and more software seems to be implementing
> mechanisms to cope. I would personally love to see Cyrus implement some
> sort of connection limit or throttling per IP/network/user. The current
> process limits do help ensure that one daemon does not make the machine
> unusable, but do nothing to prevent a DoS attack.

One thing that should be done is to report the behavior to the
relevant ISP.  If they don't know what their customer is doing,
they're not likely to take any actions.  I realize that sometimes
complaining is futile, but sometimes it has the desired effect.

-- 
-Gary Mills-    -Unix Support-    -U of M Academic Computing and Networking-
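
The approach discussed in this thread (count invalid passwords per address, feed the result to /etc/hosts.deny, and exempt shared hosts such as proxies) sketched as an added Python example; it is not part of the original message or of Cyrus. The log line shape, the threshold, the window and the `pop3` daemon name are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed syslog shape of a failed Cyrus login; adjust to your own logs.
BADLOGIN = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ \S+\[\d+\]: badlogin: "
    r"(?:\S+ )?\[(?P<ip>[0-9A-Fa-f.:]+)\]")

def offenders(lines, threshold=5, window=timedelta(minutes=10),
              shared=frozenset(), year=2007):
    """IPs with at least `threshold` failed logins inside one sliding window.

    `shared` holds proxies and multi-user hosts that are never flagged,
    because many legitimate users sit behind a single address.
    """
    recent, flagged = defaultdict(deque), []
    for line in lines:
        m = BADLOGIN.match(line)
        if not m or m["ip"] in shared:
            continue
        # Syslog timestamps carry no year, so one is supplied.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and m["ip"] not in flagged:
            flagged.append(m["ip"])
    return flagged

def hosts_deny(ips, daemon="pop3"):
    """Format tcp-wrappers deny rules; the daemon name is an assumption."""
    return [f"{daemon}: {ip}" for ip in ips]

def fail_line(ip, minute, sec):        # builds one constructed log line
    return (f"May 21 16:{minute:02d}:{sec:02d} mail pop3[411]: badlogin: "
            f"[{ip}] plaintext bob SASL(-13): authentication failure")

# Constructed sample: a guessing run, a busy shared proxy, an ordinary typo.
SAMPLE = ([fail_line("203.0.113.9", 50, s) for s in range(0, 50, 10)]
          + [fail_line("192.0.2.10", 51 + i, 0) for i in range(6)]
          + [fail_line("198.51.100.4", 58, 5)]
          + ["May 21 16:59:00 mail pop3[412]: login: [198.51.100.4] bob plaintext"])

if __name__ == "__main__":
    print("\n".join(hosts_deny(offenders(SAMPLE, shared={"192.0.2.10"}))))
```

Without the `shared` exemption the proxy at 192.0.2.10 is flagged as well, which is the multi-user caveat raised above.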