On 08.08.2014 at 20:11, Alex wrote:
> Hi,
>
> I have a fedora20 system with dovecot-2.2.13 running various services,
> including pop3. I'm noticing some users are frequently hammering pop3, and
> wondered if this was normal, or something I should be investigating?
>
> Aug 8 14:05:20 email dovecot: pop3-login: Login: user=<user1>,
> method=PLAIN, rip=97.77.115.121, lip=192.168.1.1, mpid=30509,
> session=<DnRtDCIAUQBhTXN5>
> Aug 8 14:05:21 email dovecot: pop3(user1): Disconnected: Logged out
> top=0/0, retr=0/0, del=0/15, size=5693601
>
> So it is immediately followed by a logout, but when there are 50 of them
> successively in a five minute period, I wondered if it is creating
> unnecessary overhead on the system?
>
> I suppose this most likely is how they have their email client configured,
> but wondered if some throttling would be necessary?
>
> Any advice would be most appreciated.
> Thanks,
> Alex
>
Depends if these are your users, or if it's brute force.
pop3 has not much overhead; to fight brute force use fail2ban,
or you may have a look here:
https://sys4.de/de/blog/2014/03/27/fighting-smtp-auth-brute-force-attacks/
but be aware of NAT when blocking IPs.

Best Regards
Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein
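Added example, not part of the original messages: a log triage sketch that separates the cases discussed above (a user's client polling too often, password guessing, and several users behind one NAT address) before any IP is blocked. The "auth failed" line format, the 203.0.113.5 and 198.51.100.7 addresses, the threshold of 10 events per five minutes, the verdict labels and the function names are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches dovecot pop3-login syslog lines in the format quoted above.
LINE = re.compile(r"^(\w{3})\s+(\d+)\s+([\d:]{8}) \S+ dovecot(?:\[\d+\])?: "
                  r"pop3-login: (.*?): user=<([^>]*)>.*?\brip=([0-9a-fA-F.:]+)")

def busiest(times, window):
    """Largest number of sorted timestamps inside any span of `window`."""
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def classify(log_text, window=timedelta(minutes=5), threshold=10, year=2014):
    """Per remote IP: verdict and valid users. syslog has no year, so pass it."""
    ok, failed, users = defaultdict(list), defaultdict(list), defaultdict(set)
    for m in filter(None, map(LINE.match, log_text.splitlines())):
        mon, day, clock, event, user, rip = m.groups()
        ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        if event == "Login":
            ok[rip].append(ts)
            users[rip].add(user)
        elif "auth failed" in event:
            failed[rip].append(ts)
    result = {}
    for rip in set(ok) | set(failed):
        if busiest(sorted(failed[rip]), window) >= threshold:
            verdict = "brute-force suspect"
        elif len(users[rip]) > 1:
            verdict = "shared address (NAT?)"  # a ban would hit every user here
        elif busiest(sorted(ok[rip]), window) >= threshold:
            verdict = "frequent polling client"
        else:
            verdict = "normal"
        result[rip] = {"verdict": verdict, "valid_users": sorted(users[rip])}
    return result

def sample_log():
    """Constructed sample: a polling client, a guessing source, a NAT gateway."""
    fmt = ("Aug  8 14:{:02d}:{:02d} email dovecot: pop3-login: {}: user=<{}>, "
           "method=PLAIN, rip={}, lip=192.168.1.1")
    fail = "Disconnected (auth failed, 1 attempts in 2 secs)"
    rows = [fmt.format(i // 10, i % 10 * 6, "Login", "user1", "97.77.115.121") for i in range(50)]
    rows += [fmt.format(1, i * 5, fail, f"guess{i}", "203.0.113.5") for i in range(12)]
    rows += [fmt.format(2, 0, "Login", u, "198.51.100.7") for u in ("user2", "user3")]
    return "\n".join(rows)
```

Calling `classify(sample_log())` returns one entry per remote address; the `valid_users` list shows who would be locked out if that address were banned.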
