Re: [Dovecot] Fishing attempt locking up dovecot

2007-12-28 Thread Timo Sirainen
On Tue, 2007-12-11 at 15:58 -0700, Patrick Milvich wrote:
> Obviously this can act like a dos attack, but the real issue is after  
> the spammer stops (by virtue of being added to our firewall blacklist,  
> being caught and shut down by their isp, or otherwise), dovecot  
> doesn't seem to relinquish the resources, causing "too many files  
> open" errors for normal usage.

I guess there could be problems after you get "too many open files", but
you can configure Dovecot so that it never happens. v1.1 warns about
this at startup.

Basically you just need to make sure that when starting dovecot,
ulimit -n is a bit larger than max_mail_processes +
login_max_processes_count + auth_worker_max_count (if you're using
MySQL).
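The check described in the message above, as an added example that is not part of the original post and not Dovecot's own code: it sums the three v1.x settings named there from a config file and compares the result with a file-descriptor limit. The function names, the 16-descriptor margin standing in for "a bit larger", and the sample config values are assumptions, and all three settings are assumed to be set explicitly in the file.

```shell
# Added example: compare an fd limit with the sum of Dovecot v1.x process limits.

# get_setting FILE NAME: print the last uncommented "NAME = N" value, if any
get_setting() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$1" | tail -n 1
}

# required_fds FILE: print the sum of the three limits; return 2 if one is missing
required_fds() {
    total=0
    for name in max_mail_processes login_max_processes_count auth_worker_max_count; do
        value=$(get_setting "$1" "$name")
        if [ -z "$value" ]; then
            echo "setting $name not found in $1" >&2
            return 2
        fi
        total=$((total + value))
    done
    echo "$total"
}

# check_fd_limit FILE LIMIT [MARGIN]: return 0 if LIMIT >= sum + MARGIN, 1 if too low
check_fd_limit() {
    need=$(required_fds "$1") || return 2
    margin=${3:-16}   # "a bit larger": the default margin is an assumption
    [ "$2" = unlimited ] && { echo "ok: limit is unlimited"; return 0; }
    if [ "$2" -ge $((need + margin)) ]; then
        echo "ok: limit $2 >= $need + $margin"
        return 0
    fi
    echo "too low: limit $2 < $need + $margin"
    return 1
}

# Constructed sample config (illustrative values, not taken from the thread)
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
#max_mail_processes = 9999
max_mail_processes = 1024
login_max_processes_count = 128
auth default {
  auth_worker_max_count = 30
}
EOF

# Compare against the limit of the shell that would start dovecot
check_fd_limit "$SAMPLE_CONF" "$(ulimit -n)" || true
```

Run it from the same shell or init script environment that starts dovecot, since `ulimit -n` is per process and inherited from there.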





Re: [Dovecot] Fishing attempt locking up dovecot

2007-12-11 Thread Asheesh Laroia

On Tue, 11 Dec 2007, Patrick Milvich wrote:

> I've mentioned this before but only heard from one other person who has
> experienced this, but it's becoming a pretty serious issue.
>
> The situation:
> A spammer sets a bot on a fishing attempt to gain email addresses, causing
> numerous login processes to spawn and suck up all available resources.


Sounds like you could avoid this problem if you configured fail2ban to 
block the spammer trying all these logins.


However, the underlying problem with Dovecot would remain, and so it is 
worth fixing that too!


-- Asheesh.

--
The speed of anything depends on the flow of everything.