cyrus pop3 question
Jorey Bump
list at joreybump.com
Wed Apr 16 17:18:58 EDT 2008
Corey wrote, at 04/16/2008 04:29 PM:
> I just had an experience where my server was getting slammed with thousands
> of concurrent pop3 requests. This went on for over an hour before it finally
> ceased, at which point I was able to start cyrus again.
>
> Anyhow, what are some mechanisms to prevent this in the future?
I've managed to stop such brute force password attacks by requiring
encryption for all connections in imapd.conf:
sasl_pwcheck_method: auxprop
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
allowplaintext: no
sasl_minimum_layer: 128
Your environment may be different and require some tweaking. Test
thoroughly after making the changes. So far, I've only seen plaintext
brute force attacks against POP3, so maybe it's a limitation of current
malware. Nearly all modern clients can deal with this restriction, and
it's good best practice.
More information about the Info-cyrus
mailing list