From: "André Rodier"
> chain input {
>
> # Limit new imap connections ala fail2ban
> meta nfproto ipv4 tcp dport imaps ct state new,untracked \
> limit rate over 10/minute add @banned_imap_ipv4 { ip saddr }
I'm don't know all the subttlties of this rule, but there are some
mail clients (MacOSX
Mail comes to mind) that will bombard your IMAP server with new connections when
it does a global search. It will open a new connection for each
mailbox, then do
a search. When your connection limit is reached, it will then close
all the open
connections and do another round.
This may be interpreted as a BFD attack, and you'll lock out a legitimate user.
Joseph Tam <[email protected]>
_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
