[Dovecot] limit login concurencly from different ip
Hi,
can i configure dovecot to limit the max number of login concurencly?
I read in documentation that there is "mail_max_userip_connections", but in this way i limit the login that come from same ip. If the same user tries to connect from different ip, he succeeds.
Can i do it?
Thanks
On Tue, 2010-12-07 at 13:22 +0100, Giovanni Mancuso wrote:
I read in documentation that there is "mail_max_userip_connections", but in this way i limit the login that come from same ip. If the same user tries to connect from different ip, he succeeds.
Can i do it?
Not directly. If you don't care about mail_max_userip_connections, you can force it to ignore the user's IP with some hack:
a) modify source code
b) send all traffic via a dummy localhost proxy, which changes Dovecot to see the IP as 127.0.0.1
Why do you want this anyway? Are you trying to prevent one user accidentally from using too many connections, or to prevent intentional DoS? I think the former is pretty unlikely, and the latter can be worked around by DDoSing instead.
On 08/12/2010 00:29, Timo Sirainen wrote:
On Tue, 2010-12-07 at 13:22 +0100, Giovanni Mancuso wrote:
I read in documentation that there is "mail_max_userip_connections", but in this way i limit the login that come from same ip. If the same user tries to connect from different ip, he succeeds.
Can i do it? Not directly. If you don't care about mail_max_userip_connections, you can force it to ignore the user's IP with some hack:
a) modify source code Can i wirite a plugin to do this? Or i must modify source.
OT: Is there a valid documentation that explain how can i write a plugin?
b) send all traffic via a dummy localhost proxy, which changes Dovecot to see the IP as 127.0.0.1
Why do you want this anyway? Are you trying to prevent one user accidentally from using too many connections, or to prevent intentional DoS? I think the former is pretty unlikely, and the latter can be worked around by DDoSing instead.
In my system, there are some users that connect with the same username, and i would prevent this.
Thanks
On Fri, 2010-12-10 at 10:54 +0100, Giovanni Mancuso wrote:
Not directly. If you don't care about mail_max_userip_connections, you can force it to ignore the user's IP with some hack:
a) modify source code Can i wirite a plugin to do this? Or i must modify source.
Can't do via plugin.
OT: Is there a valid documentation that explain how can i write a plugin?
There are many kinds of plugins. Anyway, http://wiki2.dovecot.org/Design/Plugins (and other Design/* pages) have some information.
participants (2)
-
Giovanni Mancuso
-
Timo Sirainen