Throttling pop3-login connections
Gene Heskett
gheskett at wdtv.com
Fri Aug 8 20:40:18 UTC 2014
On Friday 08 August 2014 14:11:21 Alex did opine
And Gene did reply:
> Hi,
>
> I have a fedora20 system with dovecot-2.2.13 running various services,
> including pop3. I'm noticing some users are frequently hamming pop3,
> and wondered if this was normal, or something I should be
> investigating?
>
> Aug 8 14:05:20 email dovecot: pop3-login: Login: user=<user1>,
> method=PLAIN, rip=97.77.115.121, lip=192.168.1.1, mpid=30509,
> session=<DnRtDCIAUQBhTXN5>
> Aug 8 14:05:21 email dovecot: pop3(user1): Disconnected: Logged out
> top=0/0, retr=0/0, del=0/15, size=5693601
>
> So it is immediately followed by a logout, but when there are 50 of
> them successively in a five minute period, I wondered if it is
> creating unnecessary overhead on the system?
>
> I suppose this most likely is how they have their email client
> configured, but wondered if some throttling would be necessary?
>
> Any advice would be most appreciated.
> Thanks,
> Alex
Depends on how they are accessing it. I use fetchmail here, without any
working imap (so I am still a lurker trying to figure out this imap
thing), and I have fetchmail set to scan each of 3 ISP accounts, sleeping
3 minutes after the scan is complete before starting the next scan. No
ISP has complained in the about 8 years I have been doing it 24/7/365.25
Anybody hitting it at a noticeably higher rate should be encouraged to
reconfigure their agent for a friendlier scan interval. If that doesn't
work, I'd study up on tar pitting. Many email agents are essentially
locked for the user while they scan for new mail, so I'm reasonably sure
that would "get their attention".
I just noticed the rip address and the local address aren't even in the
same network block, that would make me check your network as NO
192.168.xx.xx address is supposed to be accessible from a world wide
address beyond your router unless you've enabled a port forward rule in
the router.
That would make me get out the scanner (I use the clamav kit here) looking
for evidence of a "powned" machine.
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
US V Castleman, SCOTUS, Mar 2014 is grounds for Impeaching SCOTUS
More information about the dovecot
mailing list