Re: cyrus 2.5 imap idle/stuck connections (DOS like)

2019-03-07 Thread Wolfgang Breyha
Heiler Bemerguy via Info-cyrus wrote on 07/03/2019 16:30: > My  "man imapd.conf" doesn't list this option at all. I think my Cyrus > 2.5.10 is older than it.. Yes. It appeared in 2.5.11 according to my build environment. But there already was the option timeout: 30 before. So every

Re: cyrus 2.5 imap idle/stuck connections (DOS like)

2019-03-07 Thread Heiler Bemerguy via Info-cyrus
My  "man imapd.conf" doesn't list this option at all. I think my Cyrus 2.5.10 is older than it.. But I've added it to the .conf anyway. Won't hurt if it doesn't exist yet, right? lol Atenciosamente, Heiler Bemerguy - CINBESA Analista de Redes, Wi-Fi, Virtualização e Serviços Internet (55)

Re: cyrus 2.5 imap idle/stuck connections (DOS like)

2019-03-07 Thread Heiler Bemerguy via Info-cyrus
Thank you very much, it worked perfectly. Best Regards, Heiler Bemerguy - CINBESA Analista de Redes, Wi-Fi, Virtualização e Serviços Internet (55) 91 98151-4894 Em 07/03/2019 11:55, Ivan Kuznetsov escreveu: Hello iptables -A INPUT -p tcp --syn --dport 143 -m connlimit --connlimit-above 8

Re: cyrus 2.5 imap idle/stuck connections (DOS like)

2019-03-07 Thread Wolfgang Breyha
Heiler Bemerguy via Info-cyrus wrote on 07/03/2019 15:39: > Yes I've read imapd.conf and cyrus.conf and found no options to limit > connections per source IP or "idleness".. > > It means anyone can open a lot of connections to any port (143, 25, 110 etc) > and render the server unusable?? You can

Re: cyrus 2.5 imap idle/stuck connections (DOS like)

2019-03-07 Thread Ivan Kuznetsov
Hello iptables -A INPUT -p tcp --syn --dport 143 -m connlimit --connlimit-above 8 -j REJECT This will limit established imap connections to 8 per ip 07.03.2019 17:39, Heiler Bemerguy via Info-cyrus пишет: Yes I've read imapd.conf and cyrus.conf and found no options to limit connections per

Re: cyrus 2.5 imap idle/stuck connections (DOS like)

2019-03-07 Thread Willem Offermans
Dear Cyrus friends and Heiler Bensimon Bemerguy, Don’t forget to report your solution. It might certainly help other Cyrus users as well, though it is not directly related to Cyrus. Wiel Offermans wil...@offermans.rompen.nl > On 7 Mar 2019, at 15:39, Heiler Bemerguy via Info-cyrus >

Re: cyrus 2.5 imap idle/stuck connections (DOS like)

2019-03-07 Thread Heiler Bemerguy via Info-cyrus
Yes I've read imapd.conf and cyrus.conf and found no options to limit connections per source IP or "idleness".. It means anyone can open a lot of connections to any port (143, 25, 110 etc) and render the server unusable?? I'm using Debian, so I'll try to figure

Re: cyrus 2.5 imap idle/stuck connections (DOS like)

2019-03-07 Thread Willem Offermans
Dear Cyrus friends and Heiler Bensimon Bemerguy, You could use your firewall to achieve this. For ipfw: ${fwcmd} add pass tcp from any to ${ip_me} imap setup limit src-addr 10 You have to lookup the right syntax for your firewall. Dit you check man imapd or man cyrus, maybe there is also an