Re: cyrus pop3 question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Corey wrote, at 04/16/2008 04:29 PM:
> I just had an experience where my server was getting slammed with thousands
> of concurrent pop3 requests. This went on for over an hour before it finally
> ceased, at which point I was able to start cyrus again.
> 
> Anyhow, what are some mechanisms to prevent this in the future?

I've managed to stop such brute force password attacks by requiring 
encryption for all connections in imapd.conf:

sasl_pwcheck_method: auxprop
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
allowplaintext: no
sasl_minimum_layer: 128

Your environment may be different and require some tweaking. Test 
thoroughly after making the changes. So far, I've only seen plaintext 
brute force attacks against POP3, so maybe it's a limitation of current 
malware. Nearly all modern clients can deal with this restriction, and 
it's good best practice.
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux