From: "André Rodier" > chain input { > > # Limit new imap connections ala fail2ban > meta nfproto ipv4 tcp dport imaps ct state new,untracked \ > limit rate over 10/minute add @banned_imap_ipv4 { ip saddr }
I'm don't know all the subttlties of this rule, but there are some mail clients (MacOSX Mail comes to mind) that will bombard your IMAP server with new connections when it does a global search. It will open a new connection for each mailbox, then do a search. When your connection limit is reached, it will then close all the open connections and do another round. This may be interpreted as a BFD attack, and you'll lock out a legitimate user. Joseph Tam <jtam.h...@gmail.com> _______________________________________________ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org