Connection throttling POP3.
Robert Banz
banz at umbc.edu
Tue May 22 11:14:49 EDT 2007
On May 22, 2007, at 10:34, Philip H. O'Neill wrote:
> We do the same but there is an issue.
>
> One: File::Tail delays polling the log for up to 30 seconds unless you
> tell it otherwise. So it will allow a number of attempts before reading
> the log. If you increase the polling you add load to the system. Not
> much but some.
>
> We like the idea of adding the timer to iptables along with logging so
> the address can be tracked. If the address comes back then it can be
> added to a permanent block.
We're not running this on Linux (no iptables) but using Solaris'
ipfilter. The timer function seems nice; we just have the daemon
keep a database of the 'bad' IPs and release the block whenever one
times out.
It's not, by any means, the "perfect" solution* -- there is no such
thing. However, it's quick, easy, and stops 99% of your problems.
*security people seem to obsess on "perfect" solutions. It bothers me.
-rob
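The mechanism discussed in this thread (count failed POP3 logins per address, push a firewall block after a threshold, release it on a timer, and keep a record so a returning address can be blocked for good), as an added example that is not code from either poster. The firewall is abstracted into two hook callbacks, since Philip uses iptables and Rob uses Solaris ipfilter; the `badlogin:` log line format is an assumption loosely modelled on Cyrus and only the `[ip]` field is matched; the sample line in the usage is constructed.

```python
import re
import time
from collections import defaultdict

# Assumed log shape (constructed, not from the thread): "... badlogin: host [ip] ..."
BADLOGIN_RE = re.compile(r"badlogin: \S+ \[(?P<ip>\d+\.\d+\.\d+\.\d+)\]")

class LoginThrottle:
    """Per-IP failure counter with timed firewall blocks and permanent escalation."""
    def __init__(self, block_hook, unblock_hook, threshold=5,
                 window=60, block_secs=600, max_strikes=3):
        self.block_hook, self.unblock_hook = block_hook, unblock_hook
        self.threshold, self.window = threshold, window
        self.block_secs, self.max_strikes = block_secs, max_strikes
        self.failures = defaultdict(list)   # ip -> recent failure timestamps
        self.blocked = {}                   # ip -> expiry time of a temporary block
        self.strikes = defaultdict(int)     # ip -> how many times it has been blocked
        self.permanent = set()              # addresses that kept coming back

    def observe(self, line, now=None):
        """Feed one log line; returns 'block', 'permanent' or None."""
        now = time.time() if now is None else now
        m = BADLOGIN_RE.search(line)
        if not m:
            return None
        ip = m.group("ip")
        if ip in self.permanent or ip in self.blocked:
            return None   # firewall is already dropping this address
        # Keep only failures inside the sliding window, then add this one.
        hits = [t for t in self.failures[ip] if now - t <= self.window] + [now]
        self.failures[ip] = hits
        if len(hits) < self.threshold:
            return None
        self.failures[ip] = []
        self.strikes[ip] += 1
        self.block_hook(ip)               # e.g. add a deny rule in iptables/ipfilter
        if self.strikes[ip] >= self.max_strikes:
            self.permanent.add(ip)        # returned too often: never release
            return "permanent"
        self.blocked[ip] = now + self.block_secs
        return "block"

    def expire(self, now=None):
        """Release every temporary block whose timer has run out; returns those IPs."""
        now = time.time() if now is None else now
        done = [ip for ip, t in self.blocked.items() if t <= now]
        for ip in done:
            del self.blocked[ip]
            self.unblock_hook(ip)         # e.g. remove the deny rule again
        return done
```

A real daemon would call `observe()` on each tailed line and `expire()` on a short interval; the strike counter is what turns a repeat offender into a permanent entry.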