On Wednesday 16 April 2008 01:44:50 pm Andrew Morgan wrote: > On Wed, 16 Apr 2008, Corey wrote: > > I just had an experience where my server was getting slammed with > > thousands of concurrent pop3 requests. This went on for over an hour > > before it finally ceased, at which point I was able to start cyrus again. > > > > Anyhow, what are some mechanisms to prevent this in the future? > > > > In the mean time, I'd like to know whether I can configure cyrus/pop3 to > > listen only on a specific interface rather than on all interfaces on the > > server, and if so - where do I configure that option? > > You can modify cyrus.conf to bind a service entry to a particular IP > address, like so: > > imap cmd="imapd" listen="11.22.33.44:imap" prefork=1 maxchild=100 > > I don't think Cyrus has any mechanisms built-in to prevent a > denial-of-service attack like you describe. You can limit the impact on > your machine by specifying a maxchild setting for your pop3 service. > Thank you -- very helpfull! Cheers, Corey ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
