Re: Security risk of POP3 & IMAP protocols

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



[23~On Fri, Feb 13, 2009 at 03:21:06PM +0000, Ian Eiloart wrote:
> 
> 
> --On 13 February 2009 14:35:43 +0000 Alain Williams <addw@xxxxxxxxxxxx> 
> wrote:
> 
> >That got me thinking ....
> >I rate limit ssh connections to try to prevent dictionary attacks (3
> >attempts/3 minutes/IP address). If I were to do the same with IMAP would
> >that cause problems with some clients, ie are there some clients that to
> >many connect/disconnects ?
> 
> Yes. Anything that opens a bunch of mailboxes at the same time might be 
> doing way more than that. You should be measuring "failed attempts", not 
> "attempts".

Yes, but I do the rate limiting with iptables (Linux firewall).
I don't know how to feedback failed attempts to iptables.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256  http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php
Past chairman of UKUUG: http://www.ukuug.org/
#include <std_disclaimer.h>
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux