DoS (was IMAP-auth on LAN and otherwise)

Rupert Gallagher ruga at protonmail.com
Tue May 9 13:55:36 EEST 2017


We use PF instead of IPTABLES, where overloading leads to banning of a specific IP (hence the useful absence of NAT). One such "workaround" would have to be managed, for example with an e-mail to alert the sysadmin followed up by some manual labour. It is doable, but it does not solve the problem with dovecot, as shown with wireshark. A solution would consist in dovecot limiting the number of connections from the same IP, so that no IP is blacklisted by PF and the server keeps going without any denial of service. Only the specific TB client would be temporarily affected.

Sent from ProtonMail Mobile

On Tue, May 9, 2017 at 8:36 AM, Mihai Badici <mihai at badici.ro> wrote:

I think it is better to fix that using iptables, depending on your network
topology (if you NAT the local LAN traffic with destination the external IP of
dovecot, it will answer with the external IP). In your case, it looks like the
traffic to the external IP isn't NAT-ed, which could also cause trouble for
other kinds of traffic.

