We use PF instead of IPTABLES, where overloading leads to banning of a specific IP (hence the useful absence of NAT). One such "workaround" would have to be managed, for example with an e-mail to alert the sysadmin, followed up by some manual labour. It is doable, but it does not solve the problem with dovecot, as shown with Wireshark. A solution would consist in dovecot limiting the number of connections from the same IP, so that no IP is blacklisted by PF and the server keeps going without any denial of service. Only the specific TB client would be temporarily affected.
On Tue, May 9, 2017 at 8:36 AM, Mihai Badici mihai@badici.ro wrote:
I think it is better to fix that using iptables, depending on your network topology (if you NAT the local LAN traffic with destination the external IP of dovecot, it will answer with the external IP). In your case, it looks like the traffic to the external IP isn't NAT-ed, which could also cause trouble for other kinds of traffic.