[Dovecot] Throttle New Connections?

Sean Kamath kamath at geekoids.com
Tue Nov 20 05:55:40 EET 2007


On Nov 19, 2007, at 9:24 AM, Joe Allesi -X (joallesi - Coyote Creek  
Consulting at Cisco) wrote:

> All,
>
> Is anyone using iptables (recent module), or any other alternatives,  
> to
> throttle the number of new imap or pop connections per minute? We have
> some applications that like to login every second to pull mail using
> imap, so we'd like to protect the entire dovecot server from these
> applications. We've already made the change over to high-perf mode,  
> but
> we still need some type of denial of service protection. Any real- 
> world
> data would be appreciated.

Yeah, I throttle initial connections per IP to something like 15 or  
20.  I started doing this after I got hit with a little more than 600  
connections/second for a few minutes.

I use OpenBSD with pf.

Sean


More information about the dovecot mailing list