Throttling pop3-login connections

Gene Heskett gheskett at wdtv.com
Fri Aug 8 20:40:18 UTC 2014


On Friday 08 August 2014 14:11:21 Alex did opine
And Gene did reply:
> Hi,
> 
> I have a fedora20 system with dovecot-2.2.13 running various services,
> including pop3. I'm noticing some users are frequently hamming pop3,
> and wondered if this was normal, or something I should be
> investigating?
> 
> Aug  8 14:05:20 email dovecot: pop3-login: Login: user=<user1>,
> method=PLAIN, rip=97.77.115.121, lip=192.168.1.1, mpid=30509,
> session=<DnRtDCIAUQBhTXN5>
> Aug  8 14:05:21 email dovecot: pop3(user1): Disconnected: Logged out
> top=0/0, retr=0/0, del=0/15, size=5693601
> 
> So it is immediately followed by a logout, but when there are 50 of
> them successively in a five minute period, I wondered if it is
> creating unnecessary overhead on the system?
> 
> I suppose this most likely is how they have their email client
> configured, but wondered if some throttling would be necessary?
> 
> Any advice would be most appreciated.
> Thanks,
> Alex

Depends on how they are accessing it.  I use fetchmail here, without any 
working imap (so I am still a lurker trying to figure out this imap 
thing), and I have fetchmail set to scan each of 3 ISP accounts, sleeping 
3 minutes after the scan is complete before starting the next scan.  No 
ISP has complained in the about 8 years I have been doing it 24/7/365.25

Anybody hitting it at a noticeably higher rate should be encouraged to 
reconfigure their agent for a friendlier scan interval.  If that doesn't 
work, I'd study up on tar pitting.  Many email agents are essentially 
locked for the user while they scan for new mail, so I'm reasonably sure 
that would "get their attention".

I just noticed the rip address and the local address aren't even in the 
same network block, that would make me check your network as NO 
192.168.xx.xx address is supposed to be accessible from a world wide 
address beyond your router unless you've enabled a port forward rule in 
the router.

That would make me get out the scanner (I use the clamav kit here) looking 
for evidence of a "powned" machine.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
US V Castleman, SCOTUS, Mar 2014 is grounds for Impeaching SCOTUS


More information about the dovecot mailing list