On Mon, 2007-03-19 at 19:46 -0700, Sean Kamath wrote:
Earlier today I was hit with 612 login attempts in 7 minutes. They
ramped up slowly, too. :-)

They quickly hit the file descriptor limit. And then a login server
spawned and died so quickly that dovecot just died.

My question is, is there a way to throttle the number of login
connections? I'm doing it in my firewall now, but it would be nice
to be able to say something like "max-login-attempts: X" before we
blacklist the IP (for some configurable time).
I think it's just simpler to configure your system to handle such load. :) Give Dovecot enough file descriptors, or reduce the number of allowed login processes / connections. See http://wiki.dovecot.org/LoginProcess
Or are you using PAM? That could also be the problem since it forks new processes, and authentication cache doesn't work very well with it either.
http://dovecot.org/tools/imaptest.c is a nice tool to try stress testing logins. Use it something like: imaptest user=dummy password=something clients=100 - select=0
Some people want to limit number of connections coming to one user, so this kind of blacklisting feature could be implemented at the same time. Maybe for v2.0 or something..
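The "max-login-attempts: X, then blacklist the IP for a configurable time" behaviour asked about above, written out as an added example (this is not Dovecot code and not something from the thread): a sliding-window counter per source IP with a temporary ban, replayed over a constructed log of timestamped connection attempts. The timestamps, addresses and limits are all assumptions chosen to show the ramp-up, the ban, and the ban expiring.

```python
"""Per-IP login throttle with a temporary blacklist.

Added example, not Dovecot's own code: it models the "X attempts, then
blacklist the IP for a configurable time" behaviour from the thread as a
sliding-window counter that could sit in front of a login service.
"""
from collections import defaultdict, deque


class LoginThrottle:
    def __init__(self, max_attempts, window_secs, ban_secs):
        self.max_attempts = max_attempts
        self.window = window_secs
        self.ban = ban_secs
        # ip -> timestamps of attempts still inside the window
        self._attempts = defaultdict(deque)
        # ip -> time at which its ban expires
        self._banned_until = {}

    def allow(self, ip, now):
        """Return True if a login attempt from `ip` at time `now` may proceed.

        A rejected attempt during a ban does not extend the ban; once the ban
        expires the counter for that IP starts from zero again.
        """
        expiry = self._banned_until.get(ip)
        if expiry is not None:
            if now < expiry:
                return False
            del self._banned_until[ip]
            self._attempts.pop(ip, None)

        q = self._attempts[ip]
        # Drop attempts that have aged out of the sliding window.
        while q and now - q[0] >= self.window:
            q.popleft()
        q.append(now)
        if len(q) > self.max_attempts:
            # Too many attempts inside the window: blacklist this IP.
            self._banned_until[ip] = now + self.ban
            del self._attempts[ip]
            return False
        return True

    def banned(self, ip, now):
        """True while `ip` is on the temporary blacklist at time `now`."""
        expiry = self._banned_until.get(ip)
        return expiry is not None and now < expiry


# Constructed sample input (assumed format: "<seconds> <client-ip>"),
# not a real Dovecot log: one client ramps up, one is a normal user.
SAMPLE_LOG = """\
0 10.0.0.5
1 10.0.0.5
2 10.0.0.5
3 10.0.0.5
4 10.0.0.5
5 10.0.0.5
6 10.0.0.5
7 192.0.2.9
70 10.0.0.5
"""


def replay(log_text, max_attempts=5, window_secs=60, ban_secs=60):
    """Feed each logged attempt through the throttle.

    Returns (allowed, rejected) as lists of (timestamp, ip) tuples.
    """
    throttle = LoginThrottle(max_attempts, window_secs, ban_secs)
    allowed, rejected = [], []
    for line in log_text.splitlines():
        ts, ip = line.split()
        bucket = allowed if throttle.allow(ip, float(ts)) else rejected
        bucket.append((int(ts), ip))
    return allowed, rejected


if __name__ == "__main__":
    ok, dropped = replay(SAMPLE_LOG)
    print("allowed:", ok)
    print("rejected:", dropped)
```

With the sample limits (5 attempts per 60 seconds, 60-second ban) the sixth attempt from 10.0.0.5 at t=5 triggers the ban, the attempt at t=6 is dropped without touching the ban, the unrelated client at t=7 is unaffected, and 10.0.0.5 is admitted again at t=70 once the ban has expired. The decision is made before any login process is spawned, which is the point of doing it in front of the login server rather than letting the connections exhaust file descriptors.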