cyrus 2.5 imap idle/stuck connections (DOS like)

Ivan Kuznetsov kia at solvo.ru
Thu Mar 7 09:55:50 EST 2019 

Hello

iptables -A INPUT -p tcp --syn --dport 143 -m connlimit 
--connlimit-above 8 -j REJECT

This will limit established imap connections to 8 per ip


07.03.2019 17:39, Heiler Bemerguy via Info-cyrus пишет:
> Yes I've read imapd.conf and cyrus.conf and found no options to limit 
> connections per source IP or "idleness"..
> 
> It means anyone can open a lot of connections to any port (143, 25, 110 
> etc) and render the server unusable??
> 
> I'm using Debian, so I'll try to figure out how to do that with 
> iptables.. Thanks!
> 
> 
> Best Regards,
> 
> Heiler Bensimon Bemerguy - CINBESA
> Analista de Redes, Wi-Fi,
> Virtualização e Serviços Internet
> (55) 91 98151-4894
> 
> Em 07/03/2019 11:25, Willem Offermans escreveu:
>> Dear Cyrus friends and Heiler Bensimon Bemerguy,
>>
>> You could use your firewall to achieve this.
>>
>> For ipfw:
>>
>> ${fwcmd} add pass tcp from any to ${ip_me} imap setup limit src-addr 10
>>
>> You have to lookup the right syntax for your firewall.
>>
>> Dit you check man imapd or man cyrus, maybe there is also an option 
>> for the daemon itself, but I would prefer the firewall.
>>
>>
>> Wiel Offermans
>> Willem at Offermans.Rompen.nl <mailto:Willem at Offermans.Rompen.nl>
>>
>>
>>
>>
>>> On 7 Mar 2019, at 14:53, Heiler Bemerguy via Info-cyrus 
>>> <info-cyrus at lists.andrew.cmu.edu 
>>> <mailto:info-cyrus at lists.andrew.cmu.edu>> wrote:
>>>
>>> Hail,
>>>
>>> I've noticed an user with ~200 open connections to cyrus imap port 
>>> (143) and, because of him, no one else could login to the server.
>>>
>>> I've noticed even with a single "telnet ip 143", the connection is 
>>> accepted and never ever dropped, even while still unauthenticated.
>>>
>>> How to stop that from happening?
>>>
>>> cyrus.conf:
>>> imap            cmd="imapd -U 30" listen="imap" prefork=6 maxchild=200
>>>
>>>
>>> -- 
>>> Atenciosamente,
>>>
>>> Heiler Bensimon Bemerguy - CINBESA
>>> Analista de Redes, Wi-Fi,
>>> Virtualização e Serviços Internet
>>> (55) 91 98151-4894
>>>
>>> ----
>>> Cyrus Home Page: http://www.cyrusimap.org/
>>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>>> To Unsubscribe:
>>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>>
> 
> 
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
> 

-- 
С уважением, Иван Кузнецов
Руководитель технического отдела

Компания "СОЛВО"
+7(812)60-60-555
+7(495)66-83-003
+7(921)740-72-61
http://www.solvo.ru

More information about the Info-cyrus mailing list