[Dovecot] avoiding DoS

Noel Butler noel.butler at ausics.net
Fri Sep 4 00:59:18 EEST 2009


On Thu, 2009-09-03 at 11:07 -0400, David Halik wrote:

> Hi,
> 
> I was just looking for some advice on avoiding getting DoS'd from brute 
> force log in attempts. We came in this morning to find that one of our 
> Solaris 9 dovecot severs had wedged overnight due to a brute force 
> connection attempt to pop3 from Brasil. In the span of about 15 seconds 
> we received 342 connection auth attempts from the same IP:



> Dovecot finally wedged silently and without complaint, becoming 
> completely unresponsive. I had to kill -9 it this morning in order to 


You have bigger problems then Dovecot if that caused it to cease
responding.

Haven't touched solaris in years, but doesnt ipfilter allow for rate
limiting number of connections, like Linux's iptables?





More information about the dovecot mailing list