|
Yes I've read imapd.conf and cyrus.conf and found no options to
limit connections per source IP or "idleness"..
It means anyone can open a lot of connections to any port (143,
25, 110 etc) and render the server unusable??
I'm using Debian, so I'll try to figure out how to do that with
iptables.. Thanks!
Best Regards,
Heiler Bensimon Bemerguy - CINBESA
Analista de Redes, Wi-Fi,
Virtualização e Serviços Internet
(55) 91 98151-4894
Em 07/03/2019 11:25, Willem Offermans
escreveu:
Dear Cyrus friends and Heiler Bensimon Bemerguy,
You could use your firewall to achieve this.
For ipfw:
${fwcmd} add pass tcp from any to ${ip_me} imap
setup limit src-addr 10
You have to lookup the right syntax for your
firewall.
Dit you check man imapd or man cyrus, maybe there is
also an option for the daemon itself, but I would prefer the
firewall.
Hail,
I've noticed an user with ~200 open connections to cyrus
imap port (143) and, because of him, no one else could
login to the server.
I've noticed even with a single "telnet ip 143", the
connection is accepted and never ever dropped, even while
still unauthenticated.
How to stop that from happening?
cyrus.conf:
imap cmd="imapd -U 30" listen="imap" prefork=6
maxchild=200
--
Atenciosamente,
Heiler Bensimon Bemerguy - CINBESA
Analista de Redes, Wi-Fi,
Virtualização e Serviços Internet
(55) 91 98151-4894
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
|
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
