Can be someone dictionary attack on POP3?
Cheers
patrick
On Sat, 14 Apr 2007, Brian N. Smith wrote:
> > If PAM is the issue why we don't see this behavior with other
> > services as
> > well?
>
> Apache - Doesn't use it
> Sendmail - Doesn't use it normal (maybe for SMTP-Auth, but that is it)
> DNS - Doesn't use it
> MySQL - Doesn't use it
> Proftpd - Uses it.
> Dovecot - Uses it
> SSH - Uses i
>
> The few apps that do use it (ls -l /etc/pam.d) usually do not have
> multiple authentication attempts per minute like POP3/IMAP does. Stop
> and think about it. If the problem is because it is being hammer with
> authentication requests, then applications that do a lot of
> authentication requests should have problems. I.E Dovecot. I have
> noticed the application that I had included (/usr/bin/checker) which
> is used for .htaccess authentication against the system, can be a bit
> slow. It doesn't over whelm the system, but if you are loading a
> WYSIWYG editor (multiple images) it is slow to load. Remove the
> .htaccess, and it is fast again.
>
> I would recommend trying the caching thing at the minimum. It should
> help out some.
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>