I'm looking to put a locking scheme in the current default pop3
process for qmail (checkpassword, qmail-pop3d) so that when a user
checks their mail, if they attempt to check it again while the previous
instance is still running, they will be immediately dropped. This is
to avoid a potential denial of service attack wherein a single user
could eat up all available network connections checking their mail
multiple times at once.
Has anyone implemented such a thing already? If not, any ideas
on how it might be done? As I understand it, locking the maildir
in qmail-pop3d is probably the best solution to this, as it gets
called immediately after authentication has occurred. My main concern
is avoiding the possibility (as much as possible) of a single process
being killed before completion and causing the lock file (or whatever) to
remain in effect even after the program has completed, making it impossible
for a user to check their mail until the file is manually removed. Perhaps
an flock on a standard file would work, but as I understand it, flock will
hang around and wait if it's not able to get a lock immediately, which
is counterproductive to the dropping the connection immediately if
another instance is in progress. I could be wrong on this.
Ideas? Suggestions? Snide remarks?
Thanks,
--
Erik Nielsen
Systems Administrator/Developer
USURF America
