Results 1 to 16 of 16

Thread: POP logins

  1. #1
    Join Date
    Jan 2002
    Location
    Monterrey NL Mexico
    Posts
    36

    POP logins

    Hi all! hope your all ok

    I don't know if this is a problem.. but its annoying!

    If i grep /var/log/maillog for certain user and certain day i discover i have a few users that logins to check their mail EVERY MINUTE . They seem to leave their Outlook Express open all day and configured to do so...

    If you sum this to the fact that most of the users have more than one mail configured on their outlook express (one of them has 5!) You can count THOUSANDS of useless logins A DAY!

    1) Is this a problem at all? (my ACTIVE SYSTEM ATTACK daily mail is getting huge as it logs every damn connection )

    2) How to limit the time between connections?

    Im on a standard Cpanel machine

    Thanks in advance

  2. #2
    Join Date
    Jun 2001
    Location
    Chicago, IL
    Posts
    1,953
    I dont see it as one, I had a few who did it every few minutes. Not something to worrie about
    Chicago Electronic Cigarettes: Tobacco Free, Smoke Free. 3 E-Cig Models, 11 flavors, and accessories.
    http://www.chicago-ecigs.com

  3. #3
    Join Date
    Jul 2002
    Posts
    180
    Don't worry! It's not a problem at all

  4. #4
    Join Date
    Nov 2001
    Location
    Ann Arbor, MI
    Posts
    2,978
    You should have a policy on that. Ours is that they not do that more often than every three minutes. Unless you're using POP through inetd or xinetd, most mail servers can handle the load, but it's inappropriate. IMHO.

    Unless your logging is showing the same username, it's possible (though unlikely) your customer has multiple users behind a NAT, and so it's actually 10 users checking their email every 10 minutes.
    -Mark Adams
    www.bitserve.com - Secure Michigan web hosting for your business.
    Only host still offering a full money back uptime guarantee and prorated refunds.
    Offering advanced server management and security incident response!

  5. #5
    Join Date
    Jan 2002
    Location
    Monterrey NL Mexico
    Posts
    36
    But.. there isn't a way to limit this on the server side?
    Server Admin in the cPanel environment -- skype: falconluis

  6. #6
    Join Date
    Jan 2002
    Location
    Kuwait
    Posts
    679
    If you want to do it on per email, then this is application level and depends on your MTA. If you want it per IP then you can do it at xinetd.
    Ahmad Alhashemi
    PHP, Apache, C, Python, Perl, SQL
    18 related BrainBench certificates

  7. #7
    Join Date
    Oct 2001
    Posts
    1,315
    Its no prob I check my mail on my server every one minute along with other customers.
    Avi Brender
    Reliable Web Hosting by Elite Hosts, Inc
    CPANEL Reseller Hosting - Fantastico - Rvskins - ClientExec

  8. #8
    A user checking his mail doesn't take any more resources than someone loading a single page from his web site. Do you consider it excessive if a user's web site gets one visitor per minute?
    Dr. Colin Percival, FreeBSD Security Officer
    Online backups for the truly paranoid: http://www.tarsnap.com/

  9. #9
    Join Date
    Nov 2001
    Location
    Ann Arbor, MI
    Posts
    2,978
    Originally posted by cperciva
    A user checking his mail doesn't take any more resources than someone loading a single page from his web site. Do you consider it excessive if a user's web site gets one visitor per minute?
    If he checks his own site every minute just to check that is hasn't changed, I'd say that it was inappropriate.

    What about checking your email every .00001 seconds? There is a limit to what a reasonable person would do. To me, reason would say that every three minutes is pretty darn often. On that rare occasion that you need the email the minute it arrives, check it every minute. Just remember to change it back after.

    IMHO of course.
    -Mark Adams
    www.bitserve.com - Secure Michigan web hosting for your business.
    Only host still offering a full money back uptime guarantee and prorated refunds.
    Offering advanced server management and security incident response!

  10. #10
    Join Date
    Sep 2001
    Location
    Madras
    Posts
    738
    I run a mail server and a lot of users have OE set up for 1 min check.

    It's just a PIII 256MB and still the server load is hovering around 0.01 - 0.05 most times and max is 0.10.

    While I understand where Mark is coming from, I wouldn't worry about it

    Portsentry is too paranoid for my taste , but as my father always used to say, "Every man his poison!".
    Offering Managed Servers - for an exclusive clientle who value uptime, caring support and superior technology.

  11. #11
    Join Date
    Jan 2002
    Posts
    453
    yeah, there are a lot of users with web enabled cell phones that configure their email settings at their providers' sites..

    i use nextel do this and they check my email probably every 30 secs and notify me of any new mail. unless you _really_ need to cut down on server load, let it go

  12. #12
    Join Date
    Jan 2002
    Location
    Monterrey NL Mexico
    Posts
    36
    The server load is not a problem. In fact my only problem with this is that im getting that damn active system attack mail very big.

    The thing is that is not only ONE user, there are several users doing this and some of them cheks not only one email, thay check as much as 5 emails at the same time every damn minute.

    But my main problem is that doing this is useless... Ill cut one nut if they receive a mail 0.01% of the times they check it. And I'll cut the other one if it is this mail so impotant it can't wait 5 damn minutes

    Thanks for the comments
    Server Admin in the cPanel environment -- skype: falconluis

  13. #13
    Originally posted by luisfalcon
    Ill cut one nut if they receive a mail 0.01% of the times they check it.
    Better start cutting. If they receive more than 8 emails/day, there will be new mail over 0.01% of the (once a minute) times they check.
    Dr. Colin Percival, FreeBSD Security Officer
    Online backups for the truly paranoid: http://www.tarsnap.com/

  14. #14
    Join Date
    Jul 2002
    Posts
    311
    I think this might help !!!

    What it does is gets u rid of all that email logs that u recv on ur Notification E-mail address for ur server.

    Edit this file:
    /etc/logcheck/logcheck.ignore

    And add this line at the bottom of the file:
    cpanelpop.*Session Closed


    cheers !!

  15. #15
    Join Date
    Jan 2002
    Location
    Monterrey NL Mexico
    Posts
    36
    Originally posted by cperciva
    Better start cutting. If they receive more than 8 emails/day, there will be new mail over 0.01% of the (once a minute) times they check.
    You ACTUALLY took the time to make the math? hehe (i didnt)

  16. #16
    Join Date
    Jan 2002
    Location
    Monterrey NL Mexico
    Posts
    36
    Originally posted by oc3
    I think this might help !!!

    What it does is gets u rid of all that email logs that u recv on ur Notification E-mail address for ur server.

    Edit this file:
    /etc/logcheck/logcheck.ignore

    And add this line at the bottom of the file:
    cpanelpop.*Session Closed


    cheers !!
    Thanks i'll do that!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •