limit pop login per user and per minute
Hi,
As I have written in the subject line, I want to limit the POP logins per user and per minute.
Currently I have several customers who are fetching their email with popcon (MS Exchange).
This has never been a problem. But... they all have the same "technician" who takes care of their systems.
The problem is that he misconfigured the servers of these customers. In detail: their servers are trying to fetch email every 2 - 5 seconds. For every email address.
In the past I contacted the technician and told him about his mistake. He was not very helpful and simply told me that he has been using the same configuration for several years on all of his customer servers. Without problems. It is up to me to fix my problem myself.
Well, I googled a lot, but all I found is how to limit for a specific IP or for a specific account. Neither is what I am looking for.
Maybe someone can give me a hint?
Thanks and kind regards
Markus
--
stairweb GmbH
Registered office: Gutenbergstr. 8, 94036 Passau
Phone: +49 (0)851 / 20426650
Fax: +49 (0)851 / 20426655
E-mail: info@stairweb.de
Internet: www.stairweb.de
Court of registration: Amtsgericht Passau, HRB 6044
Managing directors: Markus Eckerl, Karl Preißler, Alexander Lengl
On 22.03.2018 at 11:21, Markus Eckerl wrote:
> Hi,
> As I have written in the subject line, I want to limit the POP logins per user and per minute.
> Currently I have several customers who are fetching their email with popcon (MS Exchange).
> This has never been a problem. But... they all have the same "technician" who takes care of their systems.
> The problem is that he misconfigured the servers of these customers. In detail: their servers are trying to fetch email every 2 - 5 seconds. For every email address.
> In the past I contacted the technician and told him about his mistake. He was not very helpful and simply told me that he has been using the same configuration for several years on all of his customer servers. Without problems. It is up to me to fix my problem myself.
> Well, I googled a lot, but all I found is how to limit for a specific IP or for a specific account. Neither is what I am looking for.
> Maybe someone can give me a hint?
> Thanks and kind regards
> Markus
I had about 5000 popcon users in the past; Dovecot can handle this if you turn the right parameters on. As far as I remember, there were also 2 different ways to configure popcon: users per time or all users in one session (which was really bullshit). After all, I wouldn't recommend trying limiting; that might lead to further problems. Your customer has to understand his misconfiguration.
Some graph of that time is here:
https://blog.sys4.de/xymon-dovecot-count-imap-pop3-logins-graph-central-rsys...
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München
Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Chairman of the supervisory board: Florian Kirstein
On 22.03.2018 at 12:42, Robert Schetterer wrote:
> On 22.03.2018 at 11:21, Markus Eckerl wrote:
>> Hi,
>> As I have written in the subject line, I want to limit the POP logins per user and per minute.
>> Currently I have several customers who are fetching their email with popcon (MS Exchange).
>> This has never been a problem. But... they all have the same "technician" who takes care of their systems.
>> The problem is that he misconfigured the servers of these customers. In detail: their servers are trying to fetch email every 2 - 5 seconds. For every email address.
>> In the past I contacted the technician and told him about his mistake. He was not very helpful and simply told me that he has been using the same configuration for several years on all of his customer servers. Without problems. It is up to me to fix my problem myself.
>> Well, I googled a lot, but all I found is how to limit for a specific IP or for a specific account. Neither is what I am looking for.
>> Maybe someone can give me a hint?
>> Thanks and kind regards
>> Markus
> I had about 5000 popcon users in the past; Dovecot can handle this if you turn the right parameters on. As far as I remember, there were also 2 different ways to configure popcon: users per time or all users in one session (which was really bullshit). After all, I wouldn't recommend trying limiting; that might lead to further problems. Your customer has to understand his misconfiguration.
> Some graph of that time is here:
> https://blog.sys4.de/xymon-dovecot-count-imap-pop3-logins-graph-central-rsys...
Besides iptables recent or fail2ban, which may have unwanted side effects and only work by IP,
here was a post with a Dovecot solution:
https://www.dovecot.org/list/dovecot/2017-July/108521.html
Never tested this.
Best Regards
Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München
Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
On Thu, 22 Mar 2018, Markus Eckerl wrote:
> The problem is that he misconfigured the servers of these customers. In detail: their servers are trying to fetch email every 2 - 5 seconds. For every email address.
> In the past I contacted the technician and told him about his mistake. He was not very helpful and simply told me that he has been using the same configuration for several years on all of his customer servers. Without problems. It is up to me to fix my problem myself.
Seems to me you're bending over backwards to fix someone else's problem, and what you really need is an "attitude adjustment" tool for obnoxious clients who use your service like they're the only ones that matter.
Apart from what others can suggest (I think dovecot allows delegation of usage to a separate policyd service), you can perhaps use firewall throttling e.g.
https://making.pusher.com/per-ip-rate-limiting-with-iptables/
It can't do it per user, but perhaps it is better to set a global limit and let your downstream client better manage and conserve a limited resource.
Joseph Tam jtam.home@gmail.com
On Thu, Mar 22, 2018 at 1:41 PM, Joseph Tam jtam.home@gmail.com wrote:
> On Thu, 22 Mar 2018, Markus Eckerl wrote:
>> The problem is that he misconfigured the servers of these customers. In detail: their servers are trying to fetch email every 2 - 5 seconds. For every email address.
>> In the past I contacted the technician and told him about his mistake. He was not very helpful and simply told me that he has been using the same configuration for several years on all of his customer servers. Without problems. It is up to me to fix my problem myself.
> Seems to me you're bending over backwards to fix someone else's problem, and what you really need is an "attitude adjustment" tool for obnoxious clients who use your service like they're the only ones that matter.
> Apart from what others can suggest (I think dovecot allows delegation of usage to a separate policyd service), you can perhaps use firewall throttling e.g.
> https://making.pusher.com/per-ip-rate-limiting-with-iptables/
> It can't do it per user, but perhaps it is better to set a global limit and let your downstream client better manage and conserve a limited resource.
Might be a good use of the new authpolicy stuff. You could run a local weakforced with 1 minute windows and break auth for certain IPs that do more than one login per minute.
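Added example, not part of the thread and not code from any poster or from Dovecot: a dry run that replays POP3 login lines through a per-user sliding window, showing how many logins a limit of one per user per 60 seconds would reject before any enforcement is switched on. The log lines are constructed samples in Dovecot's syslog login format; the function name `simulate`, the thresholds and the `year` parameter (syslog timestamps carry no year) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines (not taken from the thread or from a real server).
SAMPLE_LOG = """\
Mar 22 11:21:00 mx dovecot: pop3-login: Login: user=<a@example.com>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.5, TLS
Mar 22 11:21:03 mx dovecot: pop3-login: Login: user=<a@example.com>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.5, TLS
Mar 22 11:21:05 mx dovecot: pop3-login: Login: user=<b@example.com>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.5, TLS
Mar 22 11:21:30 mx dovecot: imap-login: Login: user=<a@example.com>, method=PLAIN, rip=192.0.2.77, lip=198.51.100.5, TLS
Mar 22 11:22:01 mx dovecot: pop3-login: Login: user=<a@example.com>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.5, TLS
Mar 22 11:22:04 mx dovecot: pop3-login: Login: user=<b@example.com>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.5, TLS
"""

# Only successful POP3 logins are counted; IMAP and other lines are skipped.
LOGIN_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: pop3-login: Login: "
    r"user=<(?P<user>[^>]*)>")


def simulate(log_text, max_logins=1, window_s=60, year=2018):
    """Replay POP3 logins; return {user: [allowed, rejected]} for the limit."""
    recent = defaultdict(deque)           # user -> timestamps of allowed logins
    stats = defaultdict(lambda: [0, 0])   # user -> [allowed, rejected]
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["user"]]
        # Drop allowed logins that have aged out of the window.
        while q and (ts - q[0]).total_seconds() >= window_s:
            q.popleft()
        if len(q) < max_logins:
            q.append(ts)
            stats[m["user"]][0] += 1
        else:
            stats[m["user"]][1] += 1
    return dict(stats)


if __name__ == "__main__":
    for user, (ok, rejected) in sorted(simulate(SAMPLE_LOG).items()):
        print(f"{user}: allowed={ok} rejected={rejected}")
```

Because the key is the login name rather than `rip`, two mailboxes polled from the same Exchange server are counted separately, which is the per-user behaviour asked for at the top of the thread.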
participants (4): Joseph Tam, Mark Moseley, Markus Eckerl, Robert Schetterer