Re: [Dovecot] pop3 rate limit
On 2013-12-29 02:05, Christian Rößner wrote:
Hi,
we have customers with Exchange servers that are polling for new mail every minute with dozens of pop3 accounts. I am looking for a mechanism to rate limit this per user. So what I am looking for is a way to block users from polling, if a user asks for new mail more than every 5 minutes (for example).
Is this possible? Can this be achieved within Dovecot or does it need external scripting? (I thought about fail2ban, but also want IPv6 support)
Thanks in advance
-Christian Rößner
See: www.policyd.org
You'll need to use v2.1 to get IPV6 support.
Michael Hallager
- michael <dovecot@dovecot.org>:
On 2013-12-29 02:05, Christian Rößner wrote:
Hi,
we have customers with Exchange servers that are polling for new mail every minute with dozens of pop3 accounts. I am looking for a mechanism to rate limit this per user. So what I am looking for is a way to block users from polling, if a user asks for new mail more than every 5 minutes (for example).
Is this possible? Can this be achieved within Dovecot or does it need external scripting? (I thought about fail2ban, but also want IPv6 support)
Thanks in advance
-Christian Rößner
See: www.policyd.org
You'll need to use v2.1 to get IPV6 support.
policyd can rate limit dovecot POP3 users?
p@rick
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Is this possible? Can this be achieved within Dovecot or does it need external scripting? (I thought about fail2ban, but also want IPv6 support)
Thanks in advance
-Christian Rößner
See: www.policyd.org
You'll need to use v2.1 to get IPV6 support.
policyd can rate limit dovecot POP3 users?
p@rick
Yes - put your Dovecot on a dedicated IP address and set a Policyd quota limit based on user IP address. Only option I am aware of to granulate to port level is IP tables (or comparable FW)
Cheers,
Michael Hallager
Hello Benny,
Monday, December 30, 2013, 9:57:13 AM, you wrote:
Patrick Ben Koetter skrev den 2013-12-30 08:36:
policyd can rate limit dovecot POP3 users?
sure :)
i just think dovecot does it better
last resort would be ip6table/iptable
We're talking Dovecot, not Postfix. Policyd AFAIK is ran as a policy from within Postfix. That would be over SMTP and not POP3.
If there is some config within Dovecot to allow usage of policys written for Postfix, please point that out.
Searching the policyd.org site for terms like 'POP3' or 'Dovecot' yield no results.
-- Best regards, Duane mailto:duihi77@gmail.com
Hi,
policyd can rate limit dovecot POP3 users?
sure :)
i just think dovecot does it better
last resort would be ip6table/iptable
We're talking Dovecot, not Postfix. Policyd AFAIK is ran as a policy from within Postfix. That would be over SMTP and not POP3.
If there is some config within Dovecot to allow usage of policys written for Postfix, please point that out.
Searching the policyd.org site for terms like 'POP3' or 'Dovecot' yield no results.
That’s what I thought ;-)
In fact I would have to write an external policy service that really counts user/time. But as Robert said, there seems not to be a bigger problem with lots of connections, so I do not try to find a solution here anymore :-)
Thanks everybody
-Christian Rößner
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Christian Rößner skrev den 2013-12-30 17:28:
That’s what I thought ;-)
In fact I would have to write an external policy service that really counts user/time. But as Robert said, there seems not to be a bigger problem with lots of connections, so I do not try to find a solution here anymore :-)
think of rsyslog, that update dovecot sql table pop3 enable disable ? :=)
sorry just thinking loudly now, so close to new years eye
Duane Hill skrev den 2013-12-30 16:59:
Searching the policyd.org site for terms like 'POP3' or 'Dovecot' yield no results.
yes if its undokumented, then its unsupported, if dovecot anvil / dovecot pop3 cant do it then it could be added, if pop3 is a problem why not change to imap ?, where idle is supported
else its more or less just possible to use iptable recent to limit it
Am 30.12.2013 17:30, schrieb Benny Pedersen:
Duane Hill skrev den 2013-12-30 16:59:
Searching the policyd.org site for terms like 'POP3' or 'Dovecot' yield no results.
yes if its undokumented, then its unsupported
so what you are talking about?
if dovecot anvil / dovecot pop3 cant do it then it could be added
if it could cook it would not by a mobile-phone or what?
if pop3 is a problem why not change to imap ?, where idle is supported
why not stop talking about things you do not understand? read the OP again - the topic is fetch email with exchange-connector
else its more or less just possible to use iptable recent to limit it
yes, but that was not the question
michael skrev den 2013-12-30 02:35:
www.policyd.org You'll need to use v2.1 to get IPV6 support.
incorrect, policyd v1 still supports ipv6 greylistning, but it cant be used as a ipv6 server from postfix is another problem
same holds water with sqlgrey
On 2013-12-30 22:53, Benny Pedersen wrote:
michael skrev den 2013-12-30 02:35:
www.policyd.org You'll need to use v2.1 to get IPV6 support.
incorrect, policyd v1 still supports ipv6 greylistning, but it cant be used as a ipv6 server from postfix is another problem
same holds water with sqlgrey
v2.0 is supposed to support IPV6 but it is buggy (in my experience unusable). This is why I recommended v2.1 ewven though it is still in development.
participants (6)
-
Benny Pedersen
-
Christian Rößner
-
Duane Hill
-
michael
-
Patrick Ben Koetter
-
Reindl Harald