Concerning JMAP protocol, if by any chance you jumped on that boat, the use of any serious API gateway in front of the HTTP endpoint would offer this for free.
Very true for IMAP + SMTP. Fail2ban is the go to solution for now. Structured logging might be required to get the client ip address. Best regards, Benoit On Mar 3, 2023 9:43 PM, from David Matthews >Does Apache James provide any best practice for DDoS/DoS protection? I mean >it is at application level. > fail2ban can be very effective with a mail exchanger. There are some notes here https://dmatthews.org/webmail.html#fail2ban but there it's being used with exim4. So you would have to study your log file, decide what you want to keep out and then write a fail2ban filter to suit, so you'd have a fair bit of work to do to get it operational. -- David Matthews [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] -- Best regards, Benoit TELLIER General manager of Linagora VIETNAM. Product owner for Team-Mail product. Chairman of the Apache James project. Mail: [email protected] Tel: (0033) 6 77 25 04 58 (WhatsApp, Signal)
