cyrus pop3 question

Blake Hudson blake at ispn.net
Wed Apr 16 18:05:41 EDT 2008


-------- Original Message  --------
Subject: Re: cyrus pop3 question
From: Jorey Bump <list at joreybump.com>
To: Corey <corey_s at qwest.net>
Date: Wednesday, April 16, 2008 4:18:58 PM
> Corey wrote, at 04/16/2008 04:29 PM:
>   
>> I just had an experience where my server was getting slammed with thousands
>> of concurrent pop3 requests. This went on for over an hour before it finally
>> ceased, at which point I was able to start cyrus again.
>>
>> Anyhow, what are some mechanisms to prevent this in the future?
>>     
>
> I've managed to stop such brute force password attacks by requiring 
> encryption for all connections in imapd.conf:
>
> sasl_pwcheck_method: auxprop
> sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
> allowplaintext: no
> sasl_minimum_layer: 128
>
> Your environment may be different and require some tweaking. Test 
> thoroughly after making the changes. So far, I've only seen plaintext 
> brute force attacks against POP3, so maybe it's a limitation of current 
> malware. Nearly all modern clients can deal with this restriction, and 
> it's good best practice.
>   
You can rate limit new connections using iptables... 
http://www.debian-administration.org/articles/187

I imagine most normal connections are persistent with POP. Some IMAP 
clients may not be so nice; notably, SquirrelMail creates and tears down 
an IMAP connection for every user click.
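
Added example, not part of the original message or of the linked article: one way to express the per-source limit on new POP3 connections with the iptables "recent" match. The ports, window, threshold, list name and exempted address are assumptions to tune; the script only prints the rules unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the thread): per-source limit on NEW POP3 connections
# using the iptables "recent" match. All values below are assumptions to tune.
POP3_PORTS="${POP3_PORTS:-110,995}"  # POP3 and POP3S
WINDOW="${WINDOW:-60}"               # sliding window, in seconds
HITCOUNT="${HITCOUNT:-10}"           # new connections tolerated per source per window
LIST="${LIST:-pop3new}"              # hypothetical name for the tracking list
EXEMPT="${EXEMPT:-127.0.0.1}"        # assumed local webmail host that reconnects per click

# Print the two rules in the order they must be appended to INPUT.
pop3_ratelimit_rules() {
    # On many kernels xt_recent caps --hitcount at its ip_pkt_list_tot
    # parameter (default 20), so refuse larger values here.
    if [ "$HITCOUNT" -lt 1 ] || [ "$HITCOUNT" -gt 20 ]; then
        echo "HITCOUNT must be between 1 and 20" >&2
        return 1
    fi
    match="! -s $EXEMPT -p tcp -m multiport --dports $POP3_PORTS"
    match="$match -m state --state NEW -m recent --name $LIST"
    # 1) Drop a source already seen HITCOUNT times within WINDOW seconds.
    #    --update also refreshes its timestamp, so a client that keeps
    #    hammering stays blocked until it backs off.
    echo "iptables -A INPUT $match --update --seconds $WINDOW --hitcount $HITCOUNT -j DROP"
    # 2) Otherwise record this connection attempt and let later rules decide.
    echo "iptables -A INPUT $match --set"
}

# Dry run by default; APPLY=1 (as root) loads the rules.
if [ "${APPLY:-0}" = 1 ]; then
    pop3_ratelimit_rules | sh -e
else
    pop3_ratelimit_rules
fi
```

Only packets that open a new connection are counted, so a client holding one long-lived session never approaches the threshold.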