On Dec 11, 2007, at 5:58 PM, dovecot-request@dovecot.org wrote:

Message: 10 Date: Tue, 11 Dec 2007 15:58:16 -0700 From: Patrick Milvich <patrick@milvich.com> Subject: [Dovecot] Fishing attempt locking up dovecot To: dovecot@dovecot.org Message-ID: <8C5CE5FE-BD2F-40C4-8A36-A4CD8BD533DB@milvich.com> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes

I've mentioned this before but only heard from one other person who has experienced this, but it's becoming a pretty serious issue.

The situation: A spammer sets a bot on a fishing attempt to gain email addresses, causing numerous login processes to spawn and suck up all available resources.

The problem: Obviously this can act like a dos attack, but the real issue is after the spammer stops (by virtue of being added to our firewall blacklist, being caught and shut down by their isp, or otherwise), dovecot doesn't seem to relinquish the resources, causing "too many files open" errors for normal usage.

stuff cut out

End of dovecot Digest, Vol 56, Issue 33

---

Will the following be of any help to you? (it is a patch for Postfix
2.4.nn) It would seem that the type of fishing expedition you mention
would fall into the bit described below (lots of errors). While it
will not directly solve the "out of resources" Dovecot problem, it may
limit the up-front damage, followed with a CRON script running every
twenty minutes or so that scans the last line of the mail log for the
'too many files open' error and upon finding it runs a version of the
killall imap-login processes.

ftp://postfix.mirrors.pair.com/index.html

Postfix 2.4 patch (PGP signature ) to add stress-adaptive behavior to
the SMTP server. When some mail flood keeps all server ports busy,
this feature can be used to quickly drop connections from clients that
make errors, and to reduce the time that Postfix waits for a client
command. This may delay some legitimate deliveries, but it will allow
you to still keep some mail flowing. After the mail flood ends,
Postfix reverts to its normal behavior.