On Wed, Dec 20/00, Brian Grossman <bri...@SoftHome.net> wrote:
On Wed, Dec 20, 2000 at 01:14:54PM +0200, Mike Jackson wrote:
Does anyone have a method of limiting client login frequency from the
server side? Ideally, it would pop a message back to the client
informing him to set his frequency to x minutes, and would not allow him
back on until it noticed a frequency of login attempts less than x in
the syslog. While watching my log files for a new server, I noticed that
many people are logging in every 30 seconds around the clock. One person
was even logging in once per second!

Here's one approach. This has grown here from another direction, so
the pure courier solution is probably a bit different.
We have a custom auth module that talks to a custom daemon that talks to
our database. The daemon also keeps track of a user's check frequency
(rolling timeout). For us, letting them POP about 4 times every 5 minutes
is our point of equilibrium. But tell them something like once every 10
minutes. That way, they'll hopefully listen to you and set their POP
client to check every ten minutes. Many Windows POP clients check once to
count the messages, then another time to get the messages. Then the user
double-clicks on the send&receive button, and poof, 4 times in 5 seconds.

Another alternative for those who don't have the programming resources
is to get another paragraph added to your terms of service agreement
with your customers (you know, the one that says subject to change
without notice). Then you can fire off warning email or even have your
customer service reps get in touch with the abusers about the problem. I
actually had to do this about 4 years ago with an ISP I worked at, as
there was no other way to cut down on this and the custom written popper
they had beat hell out of the server and they'd let everyone who knew
how to program go.
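
The rolling timeout described in the thread (about 4 POP logins tolerated per 5 minutes, with users told to check once every 10 minutes) can be sketched as a per-user sliding window. This is an added example, not code from anyone in the thread or from Courier; the class name, the message wording and the choice of the RFC 2449 `LOGIN-DELAY` response code are assumptions.

```python
import math
import time
from collections import defaultdict, deque


class PopLoginLimiter:
    """Per-user sliding-window limit on admitted POP logins (hypothetical helper)."""

    def __init__(self, max_logins=4, window=300, advertised=600, clock=time.monotonic):
        self.max_logins = max_logins        # logins tolerated per window (4 in the thread)
        self.window = window                # rolling window in seconds (5 minutes)
        self.advertised = advertised        # interval the user is told to use (10 minutes)
        self.clock = clock                  # injectable so the logic can be tested
        self.history = defaultdict(deque)   # user -> timestamps of admitted logins

    def check(self, user):
        """Return (allowed, response_line) for one login attempt by `user`."""
        now = self.clock()
        seen = self.history[user]
        # Forget admitted logins that have rolled out of the window.
        while seen and now - seen[0] >= self.window:
            seen.popleft()
        if len(seen) >= self.max_logins:
            # Denied attempts are not recorded, so the user is readmitted as
            # soon as the oldest admitted login ages out of the window.
            retry = math.ceil(self.window - (now - seen[0]))
            # LOGIN-DELAY is the POP3 extended response code from RFC 2449;
            # the text after it is made up for this example.
            return False, (f"-ERR [LOGIN-DELAY] checking too often; set your client "
                           f"to check every {self.advertised // 60} minutes "
                           f"(retry in {retry}s)")
        seen.append(now)
        return True, "+OK"


if __name__ == "__main__":
    # Constructed scenario: count, fetch, then a double-click on send/receive
    # (4 logins in 5 seconds), followed by another poll 30 seconds in.
    fake_now = [0.0]
    limiter = PopLoginLimiter(clock=lambda: fake_now[0])
    for second in (0, 1, 3, 5, 30):
        fake_now[0] = second
        print(second, limiter.check("alice"))
```

A long-running daemon would also need to drop empty per-user queues periodically so the table does not grow with every account ever seen.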