cyrus pop3 question
Blake Hudson
blake at ispn.net
Wed Apr 16 18:05:41 EDT 2008
-------- Original Message --------
Subject: Re: cyrus pop3 question
From: Jorey Bump <list at joreybump.com>
To: Corey <corey_s at qwest.net>
Date: Wednesday, April 16, 2008 4:18:58 PM
> Corey wrote, at 04/16/2008 04:29 PM:
>
>> I just had an experience where my server was getting slammed with thousands
>> of concurrent pop3 requests. This went on for over an hour before it finally
>> ceased, at which point I was able to start cyrus again.
>>
>> Anyhow, what are some mechanisms to prevent this in the future?
>>
>
> I've managed to stop such brute force password attacks by requiring
> encryption for all connections in imapd.conf:
>
> sasl_pwcheck_method: auxprop
> sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
> allowplaintext: no
> sasl_minimum_layer: 128
>
> Your environment may be different and require some tweaking. Test
> thoroughly after making the changes. So far, I've only seen plaintext
> brute force attacks against POP3, so maybe it's a limitation of current
> malware. Nearly all modern clients can deal with this restriction, and
> it's good best practice.
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
You can rate limit new connections using iptables...
http://www.debian-administration.org/articles/187
I imagine most normal connections are persistent with POP. Some IMAP
clients may not be so nice, notably squirrelmail creates and tears down
an IMAP connection for every user click.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080416/ef6828c9/attachment.html
More information about the Info-cyrus
mailing list