[Dovecot] Re: dovecot died

Peter Fern dovecot at obfusc8.org
Tue Mar 28 01:32:42 EEST 2006


Dean Blackburn wrote:
<snip>
> When we get 1-2 of these going at a time, it kills the server, and we 
> need to restart imap. If there was* some kind of per-ip/login limit, I 
> bet we wouldn't exceed the resources. In this case, we know this is an 
> employee using an unsupported client from outside - but, we have no 
> way to block the IP (need to keep in contact with the remote IP), and 
> there doesn't seem to be a "only accept from these imap clients" 
> option, either... It's totally unacceptable for me to tell my boss the 
> mailserver died because someone used a bad mail program. :/
>
> Maybe this would be really hard to implement in dovecot, but I just 
> wanted to second the notion that it would be a good thing(tm).
Whilst this is true, in the meantime, you could use netfilter to limit 
the number of open TCP connections using connlimit from patch-o-matic 
(base).

http://www.netfilter.org/projects/patch-o-matic/pom-base.html#pom-base-connlimit

iptables -A INPUT -p tcp --syn --dport 143 -m connlimit --connlimit-above 2 -j REJECT


>
> Thanks,
>
> -deano
>
>> Regards
>> Marten
>
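
Before settling on a per-IP threshold like the one in the rule above, it helps to see how many IMAP connections each client actually holds. The script below is an added example, not part of the original post: it counts established connections per peer from `ss -tn` output and lists the peers above the limit. The sample output, addresses and function names are constructed for illustration, and counting only ESTAB sockets approximates what connlimit counts.

```shell
#!/bin/sh
# Added example: per-client connection counts on the IMAP port, taken from
# `ss -tn` output, plus the clients that exceed the chosen limit.

PORT=143    # IMAP port, as in the iptables rule
LIMIT=2     # same value as --connlimit-above 2

# Constructed sample of `ss -tn` output (documentation address ranges only).
sample_ss() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB  0      0      192.0.2.10:143       198.51.100.7:51234
ESTAB  0      0      192.0.2.10:143       198.51.100.7:51240
ESTAB  0      0      192.0.2.10:143       198.51.100.7:51301
ESTAB  0      0      192.0.2.10:143       203.0.113.5:40022
ESTAB  0      0      192.0.2.10:22        198.51.100.7:50000
TIME-WAIT 0   0      192.0.2.10:143       203.0.113.5:40010
ESTAB  0      0      [2001:db8::10]:143   [2001:db8::99]:60001
EOF
}

# Read `ss -tn` output on stdin; print "count peer" lines, busiest first.
conn_counts() {
    awk -v port="$PORT" '
        $1 == "ESTAB" && $4 ~ (":" port "$") {
            peer = $5
            sub(/:[0-9]+$/, "", peer)   # drop the peer port, keep IPv4 or [IPv6]
            n[peer]++
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Print only the peers holding more than LIMIT connections.
over_limit() {
    conn_counts | awk -v limit="$LIMIT" '$1 > limit { print $2 }'
}

# On a live server: ss -tn | over_limit
sample_ss | conn_counts
echo "over limit:"
sample_ss | over_limit
```

Clients listed under "over limit" are the ones whose new connections the rule would reject, which shows whether a limit of 2 would also affect well-behaved clients that open several connections.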


