[CentOS] Re: SYD flood dropped on Sendmail (centos 4.x)

Fri Nov 21 22:02:58 UTC 2008
Scott Silva <ssilva at sgvwater.com>

on 11-21-2008 11:53 AM Scott Silva spake the following:
> on 11-20-2008 5:31 PM Kai Schaetzl spake the following:
>> Scott Silva wrote on Thu, 20 Nov 2008 16:03:04 -0800:
>>
>>> CentOS 4 comes with a very OLD version of dovecot.
>>> If you are using dovecot, you can get a much newer version at atrpms.net.
>>> The upgrade might be all you need to fix it.
>> The dovecot in CentOS 5 exhibits the same problem when hammered by 
>> dictionary attacks. Is the atrpms version newer?
>>
>> Kai
>>
> You can get 1.0.15 which is the recent stable for the 1.0 series, and you can
> get 1.1.16 which has many new improvements over 1.0, and is the current stable
> branch. I think the 1.1 branch has some changes to the auth code that might
> help. Read the dovecot wiki for the steps you need to follow to upgrade,
> especially if you want to go back.
> 
> I really recommend you at least go to the 1.0 branch instead of the 0.99 beta
> in CentOS 4. The indexing improvements alone are worth it.
> 
Another option is something like fail2ban, and have it drop the connections
and add a firewall rule when you get too many bad attempts on that port.
Fail2ban can read the logs and act for you before it gets too bad.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20081121/70f51a1c/attachment-0005.sig>