Connection throttling POP3.
Peter Bücker
buecker at phil-fak.uni-duesseldorf.de
Tue May 22 16:05:28 EDT 2007
Matthew Schumacher wrote:
> May 21 11:02:01 larry pop3[5945]: badlogin: [83.209.35.32] plaintext cristopher SASL(-13): authentication failure: checkpass failed
> May 21 11:02:02 larry pop3[5965]: badlogin: [83.209.35.32] plaintext easter SASL(-13): authentication failure: checkpass failed
> May 21 11:02:10 larry pop3[5964]: badlogin: [83.209.35.32] plaintext felicia SASL(-13): authentication failure: checkpass failed
>
> And this spammer is racking up a zillion processes which is killing my
> machine. I need a way to throttle this somehow where he is only allowed
> one connection per IP at a time, or perhaps a way to ignore them after
> so many invalid passwords.
I suggest iptables as well. I use the following rule to limit SSH
connection attempts to 1/minute on average, though a burst of 3/min is
allowed:
    iptables -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 22 -m limit --limit 1/min --limit-burst 3 -j ACCEPT
Of course you need to combine this with a DROP policy.
You could also use connlimit:
"Allows you to restrict the number of parallel TCP connections to a
server per client IP address (or address block)."
Please have a look at iptables(8) for more detailed instructions :-)
Peter
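
The other option asked for in the quoted message (ignoring a client after so many invalid passwords) needs a per-IP failure count taken from the log. The following is an added example, not code from either poster, that counts Cyrus `badlogin` entries per source address in a sliding window. The threshold, window, year, host name `mailhost` and the sample log lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches entries in the format quoted in the thread. Allowing "pop3s" and a
# reverse-DNS name before the bracketed address is an assumption.
BADLOGIN = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s\d\d:\d\d:\d\d)\s\S+\spop3s?\[\d+\]:\s"
    r"badlogin:\s(?:\S+\s)?\[(?P<ip>[0-9a-fA-F.:]+)\]\s\S+\s(?P<user>\S+)"
)

def offenders(lines, threshold=3, window=timedelta(seconds=60), year=2007):
    """Return {ip: peak failures seen inside one window} for every source
    address that reached `threshold` failed logins within `window`."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)       # ip -> largest in-window count so far
    for line in lines:
        m = BADLOGIN.match(line)
        if not m:
            continue              # successful logins and other messages
        # syslog omits the year, so the caller supplies it
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # forget failures older than the window
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

# Constructed sample input (documentation address ranges, invented users).
SAMPLE = """\
May 21 11:02:01 mailhost pop3[5945]: badlogin: [203.0.113.7] plaintext alice SASL(-13): authentication failure: checkpass failed
May 21 11:02:02 mailhost pop3[5965]: badlogin: [203.0.113.7] plaintext bob SASL(-13): authentication failure: checkpass failed
May 21 11:02:10 mailhost pop3[5964]: badlogin: [203.0.113.7] plaintext carol SASL(-13): authentication failure: checkpass failed
May 21 11:03:00 mailhost pop3[5970]: badlogin: [198.51.100.9] plaintext dave SASL(-13): authentication failure: checkpass failed
May 21 11:09:30 mailhost pop3[5981]: badlogin: [198.51.100.9] plaintext dave SASL(-13): authentication failure: checkpass failed
May 21 11:09:31 mailhost pop3[5982]: login: [192.0.2.4] erin plaintext User logged in
""".splitlines()

if __name__ == "__main__":
    for ip, count in offenders(SAMPLE).items():
        print(f"{ip}: {count} failed logins within 60s")
```

The user who mistyped a password twice, minutes apart, stays below the threshold; only the address cycling through account names is reported.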