Yes.
> -----Original Message-----
> From: patricko (at mark) staff.singnet.com.sg [mailto:patricko (at mark) staff.singnet.com.sg]
> Sent: Sunday, April 15, 2007 1:29 AM
> To: coba-e (at mark) bluequartz.org
> Subject: [coba-e:09570] Re: Dovecot/POP3 Flood
>
>
> Can be someone dictionary attack on POP3?
>
> Cheers
> patrick
>
>
> On Sat, 14 Apr 2007, Brian N. Smith wrote:
>
> > > If PAM is the issue why we don't see this behavior with other
> > > services as
> > > well?
> >
> > Apache - Doesn't use it
> > Sendmail - Doesn't use it normal (maybe for SMTP-Auth, but that is it)
> > DNS - Doesn't use it
> > MySQL - Doesn't use it
> > Proftpd - Uses it.
> > Dovecot - Uses it
> > SSH - Uses i
> >
> > The few apps that do use it (ls -l /etc/pam.d) usually do not have
> > multiple authentication attempts per minute like POP3/IMAP does. Stop
> > and think about it. If the problem is because it is being hammer with
> > authentication requests, then applications that do a lot of
> > authentication requests should have problems. I.E Dovecot. I have
> > noticed the application that I had included (/usr/bin/checker) which
> > is used for .htaccess authentication against the system, can be a bit
> > slow. It doesn't over whelm the system, but if you are loading a
> > WYSIWYG editor (multiple images) it is slow to load. Remove the
> > .htaccess, and it is fast again.
> >
> > I would recommend trying the caching thing at the minimum. It should
> > help out some.
> >
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> >