Hi everyone!

I want to manage mail server resource part (like it can CGP) and with it I have one question. Is there any way to limit overall max simultaneous connections to imap/pop3 server from one(each) host, except using iptables/ipfw and so on? Like a patch to dovecot or, maybe, it can be released in future versions? I know about mail_max_userip_connections in dovecot 1.1 but it can't limit hosts this way.

Thank you.

On Mon, 2008-03-17 at 01:47 +0300, subscriber at viliar.net.ru wrote:
> Hi everyone!
>
> I want to manage mail server resource part (like it can CGP) and with it
> I have one question. Is any way to limit overall max simultaneous
> connections to imap/pop3 server from one(each) host, except use
> iptables/ipfw and so on? Like a patch to dovecot or, maybe, it can be
> released in future versions?

Probably in future versions.

> I know about
> mail_max_userip_connections in dovecot 1.1

It should be pretty easy to patch this code to ignore the user and just limit IPs. You could basically just remove "user" from struct mail_process_group and fix the code to compile. Or even easier:

static struct mail_process_group *
mail_process_group_lookup(enum process_type type, const char *user,
                          const struct ip_addr *ip)
{
        user = ""; // use the same empty user for everyone
        // ...

static struct mail_process_group *
mail_process_group_create(enum process_type type, const char *user,
                          const struct ip_addr *ip)
{
        struct mail_process_group *group;

        user = ""; // use the same empty user for everyone

On 08-03-18 18.34, Alex wrote:
> And it is really work. But for probable future option, I think, it is
> would be wrong way.
> Because this solution limit user _logins_, not connections. So, just for
> example, I could make very much connections to server and go to end up
> dovecot connection pool or, if I miss something here, system resources
> like max_files, max_sockets and so on. IMHO, more truly solution is
> limit connections, and check it _before_ login procedure. I understand,
> that can happen in this case also. But why we will waste our resources
> to check login/pass, make redundant query to mysql/pgsql/sqlite and so
> on? What are you think about that? Comments are very welcome.

I would personally use the operating system's firewall software for this. Seems redundant that every piece of software accepting connections should duplicate the functionality of a firewall.

/Johan

Message: 3
Date: Wed, 19 Mar 2008 09:48:34 +0100
From: Johan Fredin <johan at spelaroll.se>
Subject: Re: [Dovecot] max connects per host?
To: dovecot at dovecot.org
Message-ID: <47E0D362.9070206 at spelaroll.se>
Content-Type: text/plain; charset=windows-1251; format=flowed

I would personally use the operating system's firewall software for this. Seems redundant that every piece of software accepting connections should duplicate the functionality of a firewall.

/Johan

Yes. In some cases it could be good choice. But in _general_ it's not. It's about functionality of a mail server, isn't so? And how your users will know, what they reached limits and it's not case of broken connection/firewall/network related problems and so on?
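
The idea argued in this thread, counting connections per source IP (ignoring the user) and refusing before any login work is done, sketched as an added example. It is not Dovecot code and not from any poster; every name, the table size and the cap of 3 are assumptions.

```c
/* Added example, not Dovecot code: every name below is hypothetical. */
#include <stddef.h>
#include <stdint.h>

#define MAX_TRACKED_IPS  1024  /* table capacity (assumed) */
#define MAX_CONNS_PER_IP 3     /* per-host cap (assumed) */

struct ip_slot {
    uint32_t ip;     /* IPv4 address, host byte order */
    unsigned count;  /* open connections; 0 marks a free slot */
};

static struct ip_slot table[MAX_TRACKED_IPS];

/* Find the slot tracking ip, or a free one if ip is not tracked yet.
 * The whole table is probed, so freeing a slot never hides a later one. */
static struct ip_slot *slot_find(uint32_t ip)
{
    struct ip_slot *free_slot = NULL;
    unsigned start = (ip * 2654435761u) % MAX_TRACKED_IPS;

    for (unsigned i = 0; i < MAX_TRACKED_IPS; i++) {
        struct ip_slot *s = &table[(start + i) % MAX_TRACKED_IPS];
        if (s->count > 0 && s->ip == ip)
            return s;
        if (s->count == 0 && free_slot == NULL)
            free_slot = s;
    }
    return free_slot;  /* NULL when the table is full */
}

/* Call right after accept(), before reading any credentials.
 * Returns 1 to keep the connection, 0 to refuse it. */
int conn_accept(uint32_t ip)
{
    struct ip_slot *s = slot_find(ip);

    if (s == NULL || s->count >= MAX_CONNS_PER_IP)
        return 0;  /* table full or host at its cap: fail closed */
    s->ip = ip;
    s->count++;
    return 1;
}

/* Call when a connection from ip closes. */
void conn_close(uint32_t ip)
{
    struct ip_slot *s = slot_find(ip);

    if (s != NULL && s->count > 0 && s->ip == ip)
        s->count--;
}
```

Because the check runs before authentication, a refused client costs no password check and no SQL lookup, which is the resource concern raised above.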