[CentOS] Re: SYD flood dropped on Sendmail (centos 4.x)

Chris Heiner cheiner at networkdesignsinc.net
Fri Nov 21 13:24:09 UTC 2008


Good advice!

I will upgrade the Dovecot as it sounds like a good idea. I was also
considering just redirecting the inbound port from 110 to another port.

Your simple answer is much appreciated.

Thanks for helping without the "corrective elitist attitude"!


-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf
Of Scott Silva
Sent: Thursday, November 20, 2008 4:03 PM
To: centos at centos.org
Subject: [CentOS] Re: SYD flood dropped on Sendmail (centos 4.x)

on 11-20-2008 3:31 PM Kai Schaetzl spake the following:
> Chris Heiner wrote on Thu, 20 Nov 2008 13:43:44 -0800:
> 
>> I get complaints about "the servers asking for username and password".
> 
> from your users or what? Of course, they may complain. A big dictionary 
> attack can take almost all the bandwidth for some time or leave a backlog 
> of dovecot instances.
> Please, as I understand you are a server adminstrator for quite a few 
> machines, correct? Yet, you are answering in a way as if you just brought 
> your first server online.
> 
> Btw, it's a *SYN* flood, not a SYD flood and that won't change even if you

> repeat it again and again.
> 
> I
>> started test@ accounts all many servers to try and track it down.
> 
> Pardon, you did what?
> 
>> I have tried restarting POP and SMTP in the past
> 
> You may want to kill all dovecot instances, in case you *are* running 
> dovecot (if not, then of what you use, but I know that dovecot likes to 
> hang in this way if hammered). Just restarting it may not kill the backlog

> of hanging connections. A "ps ax|grep login" would help to see if 
> instances are still running.
> Restarting SMTP: again, this has nothing to do with SMTP!
> 
> Kai
> 
CentOS 4 comes with a very OLD version of dovecot.
If you are using dovecot, you can get a much newer version at atrpms.net.
The upgrade might be all you need to fix it.


-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!




----------------------------------------------
Gateway Anti-Spam Anti-Virus Protection by 
   Network Designs Inc. 949-727-3393 
 For a complete list of services go to 
       www.networkdesignsinc.com 
----------------------------------------------




More information about the CentOS mailing list