On Dec 11, 2007, at 5:58 PM, [EMAIL PROTECTED] wrote:
Message: 10 Date: Tue, 11 Dec 2007 15:58:16 -0700 From: Patrick Milvich <[EMAIL PROTECTED]> Subject: [Dovecot] Fishing attempt locking up dovecot To: [email protected] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes I've mentioned this before but only heard from one other person who has experienced this, but it's becoming a pretty serious issue. The situation: A spammer sets a bot on a fishing attempt to gain email addresses, causing numerous login processes to spawn and suck up all available resources. The problem: Obviously this can act like a dos attack, but the real issue is after the spammer stops (by virtue of being added to our firewall blacklist, being caught and shut down by their isp, or otherwise), dovecot doesn't seem to relinquish the resources, causing "too many files open" errors for normal usage.
stuff cut out
End of dovecot Digest, Vol 56, Issue 33 ***************************************
Will the following be of any help to you? (it is a patch for Postfix 2.4.nn) It would seem that the type of fishing expedition you mention would fall into the bit described below (lots of errors). While it will not directly solve the "out of resources" Dovecot problem, it may limit the up-front damage, followed with a CRON script running every twenty minutes or so that scans the last line of the mail log for the 'too many files open' error and upon finding it runs a version of the killall imap-login processes.
ftp://postfix.mirrors.pair.com/index.htmlPostfix 2.4 patch (PGP signature ) to add stress-adaptive behavior to the SMTP server. When some mail flood keeps all server ports busy, this feature can be used to quickly drop connections from clients that make errors, and to reduce the time that Postfix waits for a client command. This may delay some legitimate deliveries, but it will allow you to still keep some mail flowing. After the mail flood ends, Postfix reverts to its normal behavior.
smime.p7s
Description: S/MIME cryptographic signature
