Take Ben's advice. Use fail2ban, FUT, or any of the other programs out there that are designed for this. If the attacker is using a single IP address, fail2ban (properly configured) should block them in under a second. There's probably a way to prevent Cyrus from taking too many connections, but that still allows a DoS attack -- if the attacker is using up all of your available connections, no real customer can get on. It also uses up a bunch of system resources, unnecessarily. Don't limit the attacker -- ban them. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University On Thu, 2 Nov 2006, Jim John wrote: >I found out that it was a single IP from the log >files. That person (or bot) logs into the POP3 server >and tries to authenticate itself. The problem is that >it logs in as a different user each time and does ALOT >of these logins per second, causing LDAP to overload >with connections. Is there any way to limit the number >of connections in the cyrus server using some config >parameter? Thanks. > > > > >__________________________________________________________________________________________ >Check out the New Yahoo! Mail - Fire up a more powerful email and get things done faster. >(http://advision.webevents.yahoo.com/mailbeta) > >---- >Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
