user/dev discussion of public-inbox itself
From: Eric Wong <e@80x24.org>
To: meta@public-inbox.org
Subject: [PATCH 2/4] imap: only give AUTH=ANONYMOUS clients prefetch
Date: Mon,  8 Aug 2022 23:16:46 +0000
Message-ID: <20220808231648.1954885-3-e@80x24.org>
In-Reply-To: <20220808231648.1954885-1-e@80x24.org>

Looking at IMAP traffic on public-inbox.org, it seems there is a
fair amount of traffic coming from malicious clients assuming
the IMAP server is compromised and searching for private
information.  Since AUTH=ANONYMOUS clients are more likely to
be legitimate clients looking for publicly-archived mail,
give them priority.
---
 lib/PublicInbox/IMAP.pm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/PublicInbox/IMAP.pm b/lib/PublicInbox/IMAP.pm
index bed633e5..4ef5252b 100644
--- a/lib/PublicInbox/IMAP.pm
+++ b/lib/PublicInbox/IMAP.pm
@@ -138,6 +138,7 @@ sub login_success ($$) {
 sub auth_challenge_ok ($) {
 	my ($self) = @_;
 	my $tag = delete($self->{-login_tag}) or return;
+	$self->{anon} = 1;
 	login_success($self, $tag);
 }
 
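Review bot: `$self->{anon} = 1;` in auth_challenge_ok has no comment saying what the flag gates, and it records only that the client completed the challenge exchange, not that it was verified in any way. Suggest a one-line comment stating that it is a prioritization hint consumed by fetch_blob_cb for prefetch, not an authorization decision, so later readers do not treat it as a trust boundary. Nothing in this hunk shows where the flag is initialized or reset, so it is worth confirming that it cannot carry over to a session that reaches login_success by another route.
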
@@ -588,10 +589,9 @@ sub fetch_blob_cb { # called by git->cat_async via ibx_async_cat
 		$smsg->{blob} eq $oid or die "BUG: $smsg->{blob} != $oid";
 	}
 	my $pre;
-	if (!$self->{wbuf} && (my $nxt = $msgs->[0])) {
-		$pre = ibx_async_prefetch($ibx, $nxt->{blob},
+	($self->{anon} && !$self->{wbuf} && $msgs->[0]) and
+		$pre = ibx_async_prefetch($ibx, $msgs->[0]->{blob},
 					\&fetch_blob_cb, $fetch_arg);
-	}
 	fetch_run_ops($self, $smsg, $bref, $ops, $partial);
 	$pre ? $self->dflush : $self->requeue_once;
 }
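
Review bot: the rewritten condition `($self->{anon} && !$self->{wbuf} && $msgs->[0]) and` in fetch_blob_cb hides an assignment behind a low-precedence `and` and dereferences `$msgs->[0]` twice, which is harder to read than the `if` block it replaces. Keeping the original form and adding the new test, e.g. `if ($self->{anon} && !$self->{wbuf} && (my $nxt = $msgs->[0])) {`, gives the same behaviour with a smaller diff. A short comment that sessions without {anon} leave `$pre` undefined and so always take `$self->requeue_once` would document the intended deprioritization.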

Thread overview: 5+ messages
2022-08-08 23:16 [PATCH 0/4] imap: reduce impact of bot scanners Eric Wong
2022-08-08 23:16 ` [PATCH 1/4] imap: limit ibx_async_prefetch to idle git processes Eric Wong
2022-08-08 23:16 ` Eric Wong [this message]
2022-08-08 23:16 ` [PATCH 3/4] imap: prioritize AUTH=ANONYMOUS clients Eric Wong
2022-08-08 23:16 ` [PATCH 4/4] README: recommend AUTH=ANONYMOUS on IMAP URLs Eric Wong

Code repositories for project(s) associated with this public inbox

	https://80x24.org/public-inbox.git
