When we get 1-2 of these going at a time, it kills the server, and we need to restart imap. If there was* some kind of per-ip/login limit, I bet we wouldn't exceed the resources. In this case, we know this is an employee using an unsupported client from outside - but, we have no way to block the IP (need to keep in contact with the remote IP), and there doesn't seem to be a "only accept from these imap clients" option, either... It's totally unacceptable for me to tell my boss the mailserver died because someone used a bad mail program. :/
Maybe this would be really hard to implement in dovecot, but I just wanted to second the notion that it would be a good thing(tm). Whilst this is true, in the mean time, you could use netfilter to limit
Dean Blackburn wrote: <snip> the number of open TCP connections using connlimit from patch-o-matic (base).
http://www.netfilter.org/projects/patch-o-matic/pom-base.html#pom-base-connl...
iptables -p tcp --syn --dport 143 -m connlimit --connlimit-above 2 -j REJECT
Thanks,
-deano
Regards Marten