Article 14379 at 08/11/25 16:50:31 From: ernie (at mark) info.eis.net.au Subject: [coba-e:14379] Re: Dovecot/POP3 Flood

Index: [Article Count Order] [Thread]

Date:  Tue, 25 Nov 2008 16:02:35 +1000 (EST)
From:  User Ernie <ernie (at mark) info.eis.net.au>
Subject:  [coba-e:14379] Re: Dovecot/POP3 Flood
To:  coba-e (at mark) bluequartz.org
Message-Id:  <200811250602.mAP62ZIj095660 (at mark) info.eis.net.au>
In-Reply-To:  <20080907182134.GA73152 (at mark) xs4all.nl>
X-Mail-Count: 14379

I am still having problems with these brute force attacks, the problem seems
to be that dovecot is spawing too many processes->PAM requests before the
intrusion detection progam has notices. Is there a way to hard code the
number of simultaneous running dovecot processes to give time for the
blocking scripts to respond. Something like 50 dovcot pop3-login processes
at once should be heaps.

- Ernie.

> 
> On Sun, Sep 07, 2008 at 08:14:51PM +0200, Maurice de Laat wrote:
> 
> > wget http://rfxnetworks.com/apf.php
> 
> Make that wget http://www.r-fx.ca/downloads/apf-current.tar.gz
> Sorry for the confusion.
> -- 
> Maurice de Laat
> 
>