Re: Connection throttling POP3.

On Mon, 21 May 2007, Matthew Schumacher wrote:

> List,
>
> I'm getting some spammer trying to guess usernames and passwords:
>
> May 21 11:01:55 larry pop3[5845]: badlogin: [83.209.35.32] plaintext bob SASL(-13): authentication failure: checkpass failed
> May 21 11:01:54 larry pop3[5860]: badlogin: [83.209.35.32] plaintext complaints SASL(-13): authentication failure: checkpass failed
> May 21 11:01:56 larry pop3[5922]: badlogin: [83.209.35.32] plaintext diablo SASL(-13): authentication failure: checkpass failed
> May 21 11:01:58 larry pop3[5924]: badlogin: [83.209.35.32] plaintext darren SASL(-13): authentication failure: checkpass failed
> May 21 11:02:00 larry pop3[5927]: badlogin: [83.209.35.32] plaintext dallas SASL(-13): authentication failure: checkpass failed
> May 21 11:02:00 larry pop3[5939]: badlogin: [83.209.35.32] plaintext edgar SASL(-13): authentication failure: checkpass failed
> May 21 11:02:01 larry pop3[5945]: badlogin: [83.209.35.32] plaintext cristopher SASL(-13): authentication failure: checkpass failed
> May 21 11:02:02 larry pop3[5965]: badlogin: [83.209.35.32] plaintext easter SASL(-13): authentication failure: checkpass failed
> May 21 11:02:10 larry pop3[5964]: badlogin: [83.209.35.32] plaintext felicia SASL(-13): authentication failure: checkpass failed
>
> And this spammer is racking up a zillion processes which is killing my
> machine.  I need a way to throttle this somehow where he is only allowed
> one connection per IP at a time, or perhaps a way to ignore them after
> so many invalid passwords.
>
> Anyone know of a way to do this?

You can use tcp-wrappers to block connections from that IP address entirely. I believe there are also some solutions to monitor connections and automatically add IP addresses to the /etc/hosts.deny file, but I've never used them myself.

	Andy
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
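
One way to do the log monitoring mentioned in the reply above, as an added example that is not part of the original thread or of any Cyrus tool: it parses `badlogin` lines in the format quoted in the post, flags addresses that exceed a failure threshold inside a sliding window, and formats `/etc/hosts.deny` rules for them. The threshold, window, year and the `ALL` daemon name are assumptions, and the two `192.0.2.10` log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# First six lines are from the post (wrapped lines rejoined); the two
# 192.0.2.10 lines are constructed: a single user mistyping a password.
SAMPLE = """\
May 21 11:01:55 larry pop3[5845]: badlogin: [83.209.35.32] plaintext bob SASL(-13): authentication failure: checkpass failed
May 21 11:01:54 larry pop3[5860]: badlogin: [83.209.35.32] plaintext complaints SASL(-13): authentication failure: checkpass failed
May 21 11:01:56 larry pop3[5922]: badlogin: [83.209.35.32] plaintext diablo SASL(-13): authentication failure: checkpass failed
May 21 11:01:58 larry pop3[5924]: badlogin: [83.209.35.32] plaintext darren SASL(-13): authentication failure: checkpass failed
May 21 11:02:00 larry pop3[5927]: badlogin: [83.209.35.32] plaintext dallas SASL(-13): authentication failure: checkpass failed
May 21 11:02:00 larry pop3[5939]: badlogin: [83.209.35.32] plaintext edgar SASL(-13): authentication failure: checkpass failed
May 21 11:02:03 larry pop3[5970]: badlogin: [192.0.2.10] plaintext alice SASL(-13): authentication failure: checkpass failed
May 21 11:02:41 larry pop3[5981]: badlogin: [192.0.2.10] plaintext alice SASL(-13): authentication failure: checkpass failed
"""

BADLOGIN = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s\w+\[\d+\]:\sbadlogin:\s(?:\S+\s)?"
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\s\S+\s(?P<user>\S+)")

def offenders(lines, threshold=5, window=timedelta(seconds=60), year=2007):
    """Return {ip: usernames tried} for IPs with >= threshold failures in window."""
    events = []
    for line in lines:
        m = BADLOGIN.match(line)
        if m:  # syslog timestamps carry no year, so one is supplied
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"], m["user"]))
    events.sort()  # parallel pop3 processes log out of order, as in the post
    recent, users, flagged = defaultdict(deque), defaultdict(set), set()
    for ts, ip, user in events:
        recent[ip].append(ts)
        while ts - recent[ip][0] > window:  # drop failures older than the window
            recent[ip].popleft()
        users[ip].add(user)
        if len(recent[ip]) >= threshold:
            flagged.add(ip)
    return {ip: sorted(users[ip]) for ip in sorted(flagged)}

def hosts_deny_entries(ips, daemon="ALL"):
    """Format hosts.deny rules; tcp-wrappers wants IPv6 literals in brackets."""
    return [f"{daemon}: [{ip}]" if ":" in ip else f"{daemon}: {ip}" for ip in ips]

if __name__ == "__main__":
    hits = offenders(SAMPLE.splitlines())
    for ip, tried in hits.items():
        print(f"# {ip}: {len(tried)} accounts tried ({', '.join(tried)})")
    print("\n".join(hosts_deny_entries(hits)))
```

Review the generated rules before appending them to `/etc/hosts.deny`, and keep trusted addresses in `/etc/hosts.allow` so a mistyped password cannot lock out an administrator.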
