Connection throttling POP3.

Robert Banz banz at
Tue May 22 11:14:49 EDT 2007

On May 22, 2007, at 10:34, Philip H. O'Neill wrote:

> We do the same but there is an issues.
> One File::Tail delays polling the log for up to 30 seconds unless you
> tell it otherwise. So it will allow a number of attempts before  
> reading
> the log. If you increase the polling you add load to the system. Not
> much but some.
> We like the idea of adding the timer to iptables along with logging so
> the address can be tracked. If the address comes back then it can be
> added to a permanent block.

We're not running this on linux (no iptables) but using Solaris'  
ipfilter.  The timer function seems nice; we just have the daemon  
keep a database of the 'bad' ips and release the block whenever one  
times out.

It's not, by any means, the "perfect" solution* -- there is no such  
thing.  However, it's quick, easy, and stops 99% of your problems.

*security people seem to obsess on "perfect" solutions.  It bothers me.


More information about the Info-cyrus mailing list