[Dovecot] Lots of pop3-logins
Timo Sirainen
tss at iki.fi
Sun Jun 28 06:47:16 EEST 2009
On Fri, 2009-06-26 at 02:01 -0700, V S Rao wrote:
> Timo Wrote: You can also just decrease login_process_max_count
>
> Wouldn't decreasing the login_process_max_count simply create more
> problems. Now users will start experiencing timeouts sooner than
> before, because whatever is causing the login processes to increase
> (attack, rogue process or whatever) will *always* be trying to login
> and genuine users will be denied login. So without knowing the root
> cause of the issue simply decreasing or increasing the
> login_process_max_count will lead to other problems. Correct me if I
> am wrong.
Depends on the attacker. Dovecot will always drop the oldest connection.
So if attacker is authenticating multiple times in a single session,
it's pretty much always the oldest connection that gets killed first. If
attacker logins once and then disconnects, I think Dovecot still kills
those processes sooner than others, because they're waiting a couple of
seconds for "authentication failed".
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20090627/3f09d005/attachment-0001.bin
More information about the dovecot
mailing list