[CentOS] Re: SYD flood dropped on Sendmail (centos 4.x)

[Glenn]

At 07:03 PM 11/20/2008, you wrote:
>on 11-20-2008 3:31 PM Kai Schaetzl spake the following:
> > Chris Heiner wrote on Thu, 20 Nov 2008 13:43:44 -0800:
> >
> >> I get complaints about "the servers asking for username and password".
> >
> > from your users or what? Of course, they may complain. A big dictionary
> > attack can take almost all the bandwidth for some time or leave a backlog
> > of dovecot instances.
> > Please, as I understand you are a server adminstrator for quite a few
> > machines, correct? Yet, you are answering in a way as if you just brought
> > your first server online.
> >
> > Btw, it's a *SYN* flood, not a SYD flood and that won't change even if you
> > repeat it again and again.
> >
> > I
> >> started test@ accounts all many servers to try and track it down.
> >
> > Pardon, you did what?
> >
> >> I have tried restarting POP and SMTP in the past
> >
> > You may want to kill all dovecot instances, in case you *are* running
> > dovecot (if not, then of what you use, but I know that dovecot likes to
> > hang in this way if hammered). Just restarting it may not kill the backlog
> > of hanging connections. A "ps ax|grep login" would help to see if
> > instances are still running.
> > Restarting SMTP: again, this has nothing to do with SMTP!
> >
> > Kai
> >
>CentOS 4 comes with a very OLD version of dovecot.
>If you are using dovecot, you can get a much newer version at atrpms.net.
>The upgrade might be all you need to fix it.

Watch out for this gotcha! The Dovecot version 1.0.x that comes with 
CentOS 5.x is much better and I run it and would recommend it, but 
the configs for 0.99.x (Came with CentOS 4.x) are incompatible with 
the previous version.

Cheers,
Glenn