If the user is checking mail too often, send them an email every time they check telling them how often you think they should be doing it...
-------------------------------------------------------- Dear subscriber,
It has only been 32 seconds since you last checked your email. If you
are waiting for an urgent message, this is fine, but if your are setting
your email client to less than 10 minutes, you will get a lot of these messages.
Thanks, Your Email Provider --------------------------------------------------------
Stephane Bouvard [ML] wrote:
Hi,
,- - [ Le jeudi 12 février 2004 vers 10:25 knom écrivait: ] - - |
Currently the patch works IP based. I write a file for each logged in IP to a directory, where I mark the time of the first login. Then I count the number of logins during the next xx minutes in that file, too. If the number exceeds, I show the message to the user, which is in my opinion mandatory, because otherwise the user will be confused (but I think of showing only the minutes and not the exact time ?!...)
| `- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Personaly, i would be interested by a patch to limit the frequency by login, and not by IP...
What i would like to limit, is customer placing continuous mail check every 30 seconds... il would like to limit email check to 5 every 10 minutes... but it would be a limit per login, and not per IP, i have customers connected with 50 computers behind a NAT router, so only one IP for at least 50 mailbox...
IP based frequency patch is only usefull against DoS, but honnestly, for a brute force DoS, a hacker would probably not use POP3 protocol, except if the DoS is really targetting a mail system and not a whole server...
Best regards... _ (_' L'informatique est ma passion, vous la simplifier, mon métier ! ,_)téphane Bouvard [antarex AT freenet DOT be] http://www.antarex.be
