Connection throttling POP3.

Peter Bücker buecker at
Tue May 22 16:05:28 EDT 2007

Matthew Schumacher wrote:
> May 21 11:02:01 larry pop3[5945]: badlogin: [] plaintext
> cristopher SASL(-13): authentication failure: checkpass failed
> May 21 11:02:02 larry pop3[5965]: badlogin: [] plaintext
> easter SASL(-13): authentication failure: checkpass failed
> May 21 11:02:10 larry pop3[5964]: badlogin: [] plaintext
> felicia SASL(-13): authentication failure: checkpass failed
> And this spammer is racking up a zillion processes which is killing my
> machine.  I need a way to throttle this somehow where he is only allowed
> one connection per IP at a time, or perhaps a way to ignore them after
> so many invalid passwords.

I suggest iptables as well. I use the following rule to limit SSH 
connections attempts to 1/minute in average, though a burst of 3/min is 

"iptables -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 22 
-m limit --limit 1/min --limit-burst 3 -j ACCEPT"

Of course you need to combine this with a DROP policy.

You could also use connlimit:

"Allows you to restrict the number of parallel TCP connections to a 
server per client IP address (or address block)."

Please have a look at iptables(8) for more detailed instructions :-)


More information about the Info-cyrus mailing list