[Dovecot] Throttle New Connections?
Sean Kamath
kamath at geekoids.com
Tue Nov 20 05:55:40 EET 2007
On Nov 19, 2007, at 9:24 AM, Joe Allesi -X (joallesi - Coyote Creek
Consulting at Cisco) wrote:
> All,
>
> Is anyone using iptables (recent module), or any other alternatives,
> to
> throttle the number of new imap or pop connections per minute? We have
> some applications that like to login every second to pull mail using
> imap, so we'd like to protect the entire dovecot server from these
> applications. We've already made the change over to high-perf mode,
> but
> we still need some type of denial of service protection. Any real-
> world
> data would be appreciated.
Yeah, I throttle initial connections per IP to something like 15 or
20. I started doing this after I got hit with a little more than 600
connections/second for a few minutes.
I use OpenBSD with pf.
Sean
More information about the dovecot
mailing list