[Dovecot] Re: dovecot died
Peter Fern
dovecot at obfusc8.org
Tue Mar 28 01:32:42 EEST 2006
Dean Blackburn wrote:
<snip>
> When we get 1-2 of these going at a time, it kills the server, and we
> need to restart imap. If there was* some kind of per-ip/login limit, I
> bet we wouldn't exceed the resources. In this case, we know this is an
> employee using an unsupported client from outside - but, we have no
> way to block the IP (need to keep in contact with the remote IP), and
> there doesn't seem to be a "only accept from these imap clients"
> option, either... It's totally unacceptable for me to tell my boss the
> mailserver died because someone used a bad mail program. :/
>
> Maybe this would be really hard to implement in dovecot, but I just
> wanted to second the notion that it would be a good thing(tm).
Whilst this is true, in the mean time, you could use netfilter to limit
the number of open TCP connections using connlimit from patch-o-matic
(base).
http://www.netfilter.org/projects/patch-o-matic/pom-base.html#pom-base-connlimit
iptables -p tcp --syn --dport 143 -m connlimit --connlimit-above 2 -j REJECT
>
> Thanks,
>
> -deano
>
>> Regards
>> Marten
>
More information about the dovecot
mailing list