suomi
2008-Jul-28 15:23 UTC
[Dovecot] limiting the per-time connections from one single IP address
Hi every
We had a heavy pop3 attack yesterday morning: about 400'000 connects in
three hours from one single IP address within wandadoo.fr.
The easiest way to protect the dovecot server against such attacks
would be to limit the number of connections anyone can open from one
single IP address to the server in a certain time.
This feature is available in newer versions of postfix, where I have
limited the number of SMTP connections possible from one single IP
address in one minute to three (3).
I checked in the dovecot wiki, but found only
#login_max_processes_count = 128
#login_max_connections = 256
which contain neither a per-time constraint nor a
per-IP-address constraint.
Is this already possible with current versions of dovecot?
The dovecot -n output:
# 1.0.14: /etc/dovecot.conf
ssl_cert_file: /etc/pki/ldap/mirador.cert.pem
ssl_key_file: /etc/pki/ldap/mirador.key.pem
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
first_valid_uid: 51
mail_location: maildir:%h/%m
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
auth default:
  passdb:
    driver: ldap
    args: /etc/openldap/dovecot.conf
  userdb:
    driver: ldap
    args: /etc/openldap/dovecot.conf
Thank you very much for any valid hint.
suomi
Rick Romero
2008-Jul-28 15:28 UTC
[Dovecot] limiting the per-time connections from one single IP address
On Mon, 2008-07-28 at 17:23 +0200, suomi wrote:
> Hi every
> we had a heavy pop3 attack yesterday morning: about 400'000 connects in
> three hours from one single IP address within wandadoo.fr.
>
> the easiest way, to protect the dovecot server against such attacks
> would be to limit the number of connections anyone can open from one
> single IP address to the server in a certain time.

It's available in 1.1:

# Maximum number of POP3 connections allowed for a user from each IP address.
# NOTE: The username is compared case-sensitively.
#mail_max_userip_connections = 3

Rick
Uldis Pakuls
2008-Jul-28 20:42 UTC
[Dovecot] limiting the per-time connections from one single IP address
suomi wrote:
> Hi every
> we had a heavy pop3 attack yesterday morning: about 400'000 connects in
> three hours from one single IP address within wandadoo.fr.
>
> the easiest way, to protect the dovecot server against such attacks
> would be to limit the number of connections anyone can open from one
> single IP address to the server in a certain time.
>
> this feature is available in newer versions of postfix, where i have
> limited the number of SMTP connections possible from one single IP
> address in one minute to three (3).
>
> thank you very much for any valid hint.
>
> suomi

There is no such feature in dovecot, but you can use iptables firewall to do this.
An article with examples: http://www.debian-administration.org/articles/187

Uldis
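The iptables approach Uldis points at, written out as an added example (not from the thread or the linked article): the "recent" module tracks new POP3 connections per source address and drops any address that exceeds a count within a time window, which is the per-IP, per-time limit the original question asked for. The port 110, the 60-second window, the hit count of 4 (three connections allowed, the fourth dropped, matching the Postfix setting mentioned above) and the list name POP3 are assumptions chosen for the example.

```shell
#!/bin/sh
# Rate-limit new POP3 connections per source IP with the iptables "recent"
# module. Added example for this thread; assumed values: port 110, 60 s
# window, 4th hit in the window dropped, list name "POP3" (arbitrary).

# Print the two rules for PORT, WINDOW (seconds) and HITS (the hit in the
# window that gets dropped). Nothing is executed here.
pop3_ratelimit_rules() {
    port="${1:-110}"; window="${2:-60}"; hits="${3:-4}"
    # 1) Record every new TCP connection to the port in the list POP3,
    #    keyed by source address. No -j target, so the packet continues.
    printf '%s\n' "iptables -A INPUT -p tcp --dport $port -m state --state NEW -m recent --name POP3 --set"
    # 2) If the same address has now been seen HITS times within WINDOW
    #    seconds, drop the connection. Everything else falls through to the
    #    rest of the INPUT chain as before.
    printf '%s\n' "iptables -A INPUT -p tcp --dport $port -m state --state NEW -m recent --name POP3 --update --seconds $window --hitcount $hits -j DROP"
}

# Execute the rules (needs root). Addresses currently tracked can be read from
# /proc/net/xt_recent/POP3 (older kernels: /proc/net/ipt_recent/POP3).
apply_pop3_ratelimit() {
    pop3_ratelimit_rules "$@" | while IFS= read -r rule; do
        eval "$rule" || return 1
    done
}

# Dry run by default; pass --apply to install the rules.
main() {
    if [ "${1:-}" = "--apply" ]; then
        apply_pop3_ratelimit 110 60 4
    else
        pop3_ratelimit_rules 110 60 4
    fi
}

main "$@"
```

Once installed, a source address that opened three connections in the last minute has its fourth dropped, while addresses below the limit are unaffected.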