Article 13591 at 08/07/24 04:22:43 From: kenmarcus (at mark) precisionweb.net Subject: [coba-e:13591] Re: Dovecot/POP3 Flood

Index: [Article Count Order] [Thread]

Date:  Wed, 23 Jul 2008 12:22:31 -0700
From:  "Ken Marcus - Precision Web Hosting, Inc." <kenmarcus (at mark) precisionweb.net>
Subject:  [coba-e:13591] Re: Dovecot/POP3 Flood
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <091d01c8ecf9$75b13a20$6601a8c0@OfficeKen>
References:  <1216778280.25751.5.camel (at mark) columbus.webtent.org>
X-Mail-Count: 13591

----- Original Message ----- 
From: "Robert Fitzpatrick" <lists (at mark) webtent.net>
To: "BlueQuartz" <coba-e (at mark) bluequartz.org>
Sent: Tuesday, July 22, 2008 6:57 PM
Subject: [coba-e:13590] Dovecot/POP3 Flood


> I've seen some talk about Dovecot repeating password prompts on the list
> and while this happens to us from time to time, the procedure for
> restarting some things along with dbrecover always seems to work.
> Tonight I had two servers do it at the same time, so I'm assuming a
> flood/attack of some sort?
>
> Is there any recommended way or dovecot settings to avoid this from
> happening?
>
> -- 

Robert


I think you need to install software that will check for brute force attacks 
and block that IP.

Then also the flat file conversion is a very good idea.


----
Ken Marcus
Ecommerce Web Hosting by
Precision Web Hosting, Inc.
http://www.precisionweb.net