Good advice!
I will upgrade the Dovecot as it sounds like a good idea. I was also considering just redirecting the inbound port from 110 to another port.
Your simple answer is much appreciated.
Thanks for helping without the "corrective elitist attitude"!
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Scott Silva
Sent: Thursday, November 20, 2008 4:03 PM
To: centos@centos.org
Subject: [CentOS] Re: SYD flood dropped on Sendmail (centos 4.x)
on 11-20-2008 3:31 PM Kai Schaetzl spake the following:
Chris Heiner wrote on Thu, 20 Nov 2008 13:43:44 -0800:
I get complaints about "the servers asking for username and password".
from your users or what? Of course, they may complain. A big dictionary attack can take almost all the bandwidth for some time or leave a backlog of dovecot instances. Please, as I understand you are a server administrator for quite a few machines, correct? Yet, you are answering in a way as if you just brought your first server online.
Btw, it's a *SYN* flood, not a SYD flood and that won't change even if you repeat it again and again.
I started test@ accounts all many servers to try and track it down.
Pardon, you did what?
I have tried restarting POP and SMTP in the past
You may want to kill all dovecot instances, in case you *are* running dovecot (if not, then of what you use, but I know that dovecot likes to hang in this way if hammered). Just restarting it may not kill the backlog of hanging connections. A "ps ax|grep login" would help to see if instances are still running. Restarting SMTP: again, this has nothing to do with SMTP!
Kai
CentOS 4 comes with a very OLD version of dovecot. If you are using dovecot, you can get a much newer version at atrpms.net. The upgrade might be all you need to fix it.