[Dovecot] limiting the per-time connections from one single IP address
Hi everyone, we had a heavy POP3 attack yesterday morning: about 400'000 connects in three hours from one single IP address within wandadoo.fr.
The easiest way to protect the dovecot server against such attacks would be to limit the number of connections anyone can open from one single IP address to the server in a certain time.
This feature is available in newer versions of postfix, where I have limited the number of SMTP connections possible from one single IP address in one minute to three (3).
I checked in the dovecot wiki, but found only the
#login_max_processes_count = 128
#login_max_connections = 256
which both contain neither a per-time constraint nor a per-IP-address constraint.
Is this already possible with current versions of dovecot?
the dovecot -n:
# 1.0.14: /etc/dovecot.conf
ssl_cert_file: /etc/pki/ldap/mirador.cert.pem
ssl_key_file: /etc/pki/ldap/mirador.key.pem
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
first_valid_uid: 51
mail_location: maildir:%h/%m
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
auth default:
  passdb:
    driver: ldap
    args: /etc/openldap/dovecot.conf
  userdb:
    driver: ldap
    args: /etc/openldap/dovecot.conf
Thank you very much for any valid hint.
suomi
On Mon, 2008-07-28 at 17:23 +0200, suomi wrote:
> Hi everyone, we had a heavy POP3 attack yesterday morning: about 400'000 connects in three hours from one single IP address within wandadoo.fr.
> The easiest way to protect the dovecot server against such attacks would be to limit the number of connections anyone can open from one single IP address to the server in a certain time.
It's available in 1.1:
# Maximum number of POP3 connections allowed for a user from each IP address.
# NOTE: The username is compared case-sensitively.
#mail_max_userip_connections = 3
Rick
suomi wrote:
> Hi everyone, we had a heavy POP3 attack yesterday morning: about 400'000 connects in three hours from one single IP address within wandadoo.fr.
> The easiest way to protect the dovecot server against such attacks would be to limit the number of connections anyone can open from one single IP address to the server in a certain time.
> This feature is available in newer versions of postfix, where I have limited the number of SMTP connections possible from one single IP address in one minute to three (3).
> Thank you very much for any valid hint.
> suomi
There is no such feature in dovecot, but you can use the iptables firewall to do this. An article with examples: http://www.debian-administration.org/articles/187
Uldis
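
The per-IP, per-time limit asked about in this thread, as an added example that is not from any of the posters or from Dovecot: a sliding-window counter over pop3-login log lines that reports addresses exceeding three connections in 60 seconds. The log lines are constructed, and the syslog layout, the one-line-per-connection assumption, the default year and the over_limit name are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Syslog timestamp, then a pop3-login message carrying the remote IP as rip=...
LINE_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) .*pop3-login: .*\brip=([0-9a-fA-F:.]+)")

# Constructed sample lines (documentation addresses), not taken from the thread.
SAMPLE_LOG = """\
Jul 27 08:00:01 mail dovecot: pop3-login: Login: user=<alice>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10
Jul 27 08:00:02 mail dovecot: pop3-login: Aborted login: rip=203.0.113.9, lip=192.0.2.10
Jul 27 08:00:03 mail dovecot: pop3-login: Aborted login: rip=203.0.113.9, lip=192.0.2.10
Jul 27 08:00:03 mail dovecot: pop3-login: Aborted login: rip=203.0.113.9, lip=192.0.2.10
Jul 27 08:00:04 mail dovecot: pop3-login: Aborted login: rip=203.0.113.9, lip=192.0.2.10
Jul 27 08:00:05 mail dovecot: pop3-login: Aborted login: rip=203.0.113.9, lip=192.0.2.10
Jul 27 08:01:30 mail dovecot: pop3-login: Login: user=<alice>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10
Jul 27 08:02:10 mail dovecot: pop3-login: Aborted login: rip=203.0.113.9, lip=192.0.2.10
"""


def over_limit(lines, limit=3, window=timedelta(seconds=60), year=2008):
    """Return {ip: peak count in any window} for IPs that exceed `limit`.

    Assumes chronological input and one pop3-login line per connection.
    Syslog timestamps carry no year, so `year` is supplied by the caller.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # not a pop3-login line with a remote IP
        stamp, ip = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(when)
        while when - q[0] >= window:   # drop connections older than the window
            q.popleft()
        if len(q) > limit:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


if __name__ == "__main__":
    for ip, peak in over_limit(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {peak} connections within 60s (limit 3)")
```

The reported addresses are candidates for a firewall rule of the kind Uldis suggests; the counter itself blocks nothing.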
participants (3): Rick Romero, suomi, Uldis Pakuls