Article 9575 at 07/04/16 01:50:08 From: paul.aviles (at mark) nickelnetworks.com Subject: [coba-e:09575] Re: Dovecot/POP3 Flood

Index: [Article Count Order] [Thread]

Date:  Sun, 15 Apr 2007 12:49:30 -0400
From:  "Paul Aviles" <paul.aviles (at mark) nickelnetworks.com>
Subject:  [coba-e:09575] Re: Dovecot/POP3 Flood
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <200704151649.l3FGnmwt018770 (at mark) srv1.nickelnetworks.com>
In-Reply-To:  <002901c77f09$14299090$1e64a8c0 (at mark) nuonce.net>
X-Mail-Count: 09575

So, if PAM is causing this then we should be able to duplicate this with any
other services as well. We have others reported dic attacks on ssh and maybe
I am wrong, but I don't think that the servers experience the same behaviour
after as with dovecot, true not necessarily the same exactly.

So the question for me at least is this a dovecot issue or a PAM issue?

It can be one or the other or a combination of both perhaps, but we should
be able to duplicate it to identify the problem and perhaps aim for a
solution.

IMHO anyway...

-----Original Message-----
From: Brian N. Smith [mailto:brian (at mark) nuonce.net] 
Sent: Saturday, April 14, 2007 10:52 PM
To: coba-e (at mark) bluequartz.org
Subject: [coba-e:09569] Re: Dovecot/POP3 Flood

> If PAM is the issue why we don't see this behavior with other services 
> as well?

Apache - Doesn't use it
Sendmail - Doesn't use it normal (maybe for SMTP-Auth, but that is it) DNS -
Doesn't use it MySQL - Doesn't use it Proftpd - Uses it.
Dovecot - Uses it
SSH - Uses i