Hi every
we had a heavy pop3 attack yesterday morning: about 400'000 connects in three hours from one single IP address within wandadoo.fr.

the easiest way to protect the dovecot server against such attacks would be to limit the number of connections anyone can open from one single IP address to the server in a certain time.

this feature is available in newer versions of postfix, where i have limited the number of SMTP connections possible from one single IP address in one minute to three (3).

i checked to see in the dovecot-wiki, but found only the
#login_max_processes_count = 128
#login_max_connections = 256

neither of which contains a per-time constraint or a per-IP-address constraint.

is this already possible with current versions of dovecot?


the dovecot -n:
# 1.0.14: /etc/dovecot.conf
ssl_cert_file: /etc/pki/ldap/mirador.cert.pem
ssl_key_file: /etc/pki/ldap/mirador.key.pem
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
first_valid_uid: 51
mail_location: maildir:%h/%m
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
auth default:
  passdb:
    driver: ldap
    args: /etc/openldap/dovecot.conf
  userdb:
    driver: ldap
    args: /etc/openldap/dovecot.conf


thank you very much for any valid hint.

suomi
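
Added example, not part of the original post and not Dovecot code: a sliding-window check that replays pop3-login log lines and counts, per source IP, the connections a limit of three per minute (the value the post uses for Postfix) would have refused. The log line layout with its `rip=` field, the sample lines and the function name `over_limit` are assumptions made for this illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (documentation IP ranges); the syslog layout is an assumption.
SAMPLE_LOG = """\
Jun 10 08:00:01 mail dovecot: pop3-login: Login: user=<a>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.5
Jun 10 08:00:05 mail dovecot: pop3-login: Login: user=<a>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.5
Jun 10 08:00:09 mail dovecot: pop3-login: Login: user=<a>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.5
Jun 10 08:00:13 mail dovecot: pop3-login: Login: user=<a>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.5
Jun 10 08:00:20 mail dovecot: pop3-login: Login: user=<b>, method=PLAIN, rip=203.0.113.7, lip=198.51.100.5
Jun 10 08:00:40 mail dovecot: pop3-login: Login: user=<a>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.5
Jun 10 08:00:50 mail dovecot: pop3-login: Login: user=<b>, method=PLAIN, rip=203.0.113.7, lip=198.51.100.5
Jun 10 08:01:02 mail dovecot: pop3-login: Login: user=<a>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.5
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: pop3-login: .*\brip=([0-9a-fA-F:.]+)"
)

def over_limit(lines, limit=3, window=timedelta(minutes=1), year=2000):
    """Return {ip: connections that exceeded `limit` per `window`}.

    Only accepted connections occupy a slot in the window, as they would
    if a limiter refused the excess ones at connect time.
    """
    accepted = defaultdict(deque)  # ip -> timestamps still inside the window
    refused = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a pop3-login line, or no remote IP recorded
        # Syslog timestamps carry no year; an arbitrary leap year is assumed.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        slots = accepted[m.group(2)]
        while slots and ts - slots[0] >= window:
            slots.popleft()  # expire connections older than the window
        if len(slots) >= limit:
            refused[m.group(2)] += 1
        else:
            slots.append(ts)
    return dict(refused)

if __name__ == "__main__":
    for ip, count in over_limit(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {count} connection(s) over the limit")
```
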
