Corey wrote, at 04/16/2008 04:29 PM:
> I just had an experience where my server was getting slammed with thousands
> of concurrent pop3 requests. This went on for over an hour before it finally
> ceased, at which point I was able to start cyrus again.
> 
> Anyhow, what are some mechanisms to prevent this in the future?

I've managed to stop such brute force password attacks by requiring 
encryption for all connections in imapd.conf:

sasl_pwcheck_method: auxprop
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
allowplaintext: no
sasl_minimum_layer: 128

Your environment may be different and require some tweaking. Test 
thoroughly after making the changes. So far, I've only seen plaintext 
brute force attacks against POP3, so maybe it's a limitation of current 
malware. Nearly all modern clients can deal with this restriction, and 
it's good best practice.
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
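
A small audit of imapd.conf for the two settings the reply above relies on (allowplaintext and sasl_minimum_layer), added here as an example; it is not part of the original post or of Cyrus. The function names, the accepted spellings of "no", and both sample configs are assumptions made for illustration.

```python
import re

# Assumed spellings that mean "disabled" for a yes/no option.
FALSE_VALUES = {"no", "off", "false", "f", "n", "0"}

def parse_imapd_conf(text):
    """Return {option: value} from 'option: value' lines; the last one wins."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        m = re.match(r"^([A-Za-z0-9_]+)\s*:\s*(.*)$", line)
        if m:
            options[m.group(1)] = m.group(2).strip()
    return options

def audit(text, min_ssf=128):
    """Return a list of findings; an empty list means both settings are in place."""
    opts = parse_imapd_conf(text)
    findings = []
    plain = opts.get("allowplaintext")
    if plain is None:
        # No default is assumed here, so a missing option is reported.
        findings.append("allowplaintext is not set explicitly")
    elif plain.lower() not in FALSE_VALUES:
        findings.append(f"allowplaintext is '{plain}', expected 'no'")
    layer = opts.get("sasl_minimum_layer")
    if layer is None:
        findings.append("sasl_minimum_layer is not set explicitly")
    elif not layer.isdigit():
        findings.append(f"sasl_minimum_layer is '{layer}', expected a number")
    elif int(layer) < min_ssf:
        findings.append(f"sasl_minimum_layer is {layer}, expected >= {min_ssf}")
    return findings

# The settings quoted in the post.
HARDENED = """sasl_pwcheck_method: auxprop
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
allowplaintext: no
sasl_minimum_layer: 128
"""

# Constructed sample of a config that still accepts unencrypted logins.
WEAK = """# constructed sample
sasl_pwcheck_method: auxprop
allowplaintext: yes
sasl_minimum_layer: 0
"""

if __name__ == "__main__":
    for name, conf in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit(conf) or "ok")
```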
