limit pop login per user and per minute

Mark Moseley moseleymark at
Fri Mar 23 00:25:01 EET 2018

On Thu, Mar 22, 2018 at 1:41 PM, Joseph Tam <jtam.home at> wrote:

> On Thu, 22 Mar 2018, Markus Eckerl wrote:
> The problem is, that he misconfigured the servers of these customers. In
>> detail: their servers are trying to fetch email every 2 - 5 seconds. For
>> every email address.
>> In the past I contacted the technician and told him about his mistake.
>> He was not very helpful and simply told me that he is doing the same
>> configuration since several years at all of his customer servers.
>> Without problems. It is up to me to fix my problem myself.
> Seems to me you're bending over backwards to fix someone else's problem,
> and what you really need is an "attitude adjustment" tool for obnoxious
> clients who use your service like they're the only ones that matter.
> Apart from what others can suggest (I think dovecot allows delegation
> of usage to a separate policyd service), you can perhaps use firewall
> throttling e.g.
> It can't do it per user, but perhaps it is better to set a global limit
> and let your downstream client better manage and conserve a limited
> resource.
Might be a good use of the new authpolicy stuff. You could run a local
weakforced with 1 minute windows and break auth for certain IPs that do
more than one login per minute.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the dovecot mailing list