cyrus pop3 question

Jorey Bump list at joreybump.com
Wed Apr 16 17:18:58 EDT 2008


Corey wrote, at 04/16/2008 04:29 PM:
> I just had an experience where my server was getting slammed with thousands
> of concurrent pop3 requests. This went on for over an hour before it finally
> ceased, at which point I was able to start cyrus again.
> 
> Anyhow, what are some mechanisms to prevent this in the future?

I've managed to stop such brute force password attacks by requiring 
encryption for all connections in imapd.conf:

sasl_pwcheck_method: auxprop
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
allowplaintext: no
sasl_minimum_layer: 128

Your environment may be different and require some tweaking. Test 
thoroughly after making the changes. So far, I've only seen plaintext 
brute force attacks against POP3, so maybe it's a limitation of current 
malware. Nearly all modern clients can deal with this restriction, and 
it's good best practice.


More information about the Info-cyrus mailing list