on 11-20-2008 3:31 PM Kai Schaetzl spake the following:
Chris Heiner wrote on Thu, 20 Nov 2008 13:43:44 -0800:
I get complaints about "the servers asking for username and password".
from your users or what? Of course, they may complain. A big dictionary attack can take almost all the bandwidth for some time or leave a backlog of dovecot instances. Please, as I understand you are a server adminstrator for quite a few machines, correct? Yet, you are answering in a way as if you just brought your first server online.
Btw, it's a *SYN* flood, not a SYD flood and that won't change even if you repeat it again and again.
I
started test@ accounts all many servers to try and track it down.
Pardon, you did what?
I have tried restarting POP and SMTP in the past
You may want to kill all dovecot instances, in case you *are* running dovecot (if not, then of what you use, but I know that dovecot likes to hang in this way if hammered). Just restarting it may not kill the backlog of hanging connections. A "ps ax|grep login" would help to see if instances are still running. Restarting SMTP: again, this has nothing to do with SMTP!
Kai
CentOS 4 comes with a very OLD version of dovecot. If you are using dovecot, you can get a much newer version at atrpms.net. The upgrade might be all you need to fix it.