There seems to be a fair amount of bot traffic scanning the IMAP(S) port on public-inbox.org using username+password logins (which we currently accept combination of).
AUTH=ANONYMOUS traffic is probably more likely to be legit, and supported by mutt and lei, at least. To avoid breaking things for legitimate users using username+passwords, I've decided to deprioritize, but still allow traffic of clients using username+password logins. The initial prefix change is good regardless, since even legitimate AUTH=ANONYMOUS clients could've caused fairness problems with the aggressive pipelining to git-cat-file||Gcf2. Eric Wong (4): imap: limit ibx_async_prefetch to idle git processes imap: only give AUTH=ANONYMOUS clients prefetch imap: prioritize AUTH=ANONYMOUS clients README: recommend AUTH=ANONYMOUS on IMAP URLs README | 6 +++--- lib/PublicInbox/DS.pm | 2 +- lib/PublicInbox/GitAsyncCat.pm | 9 ++++----- lib/PublicInbox/IMAP.pm | 16 +++++++++++++--- lib/PublicInbox/IMAPD.pm | 7 +++++++ 5 files changed, 28 insertions(+), 12 deletions(-)
