[CentOS] Re: SYD flood dropped on Sendmail (centos 4.x)

Chris Heiner cheiner at networkdesignsinc.net
Fri Nov 21 13:24:09 UTC 2008

Good advice!

I will upgrade the Dovecot as it sounds like a good idea. I was also
considering just redirecting the inbound port from 110 to another port.

Your simple answer is much appreciated.

Thanks for helping without the "corrective elitist attitude"!

-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf
Of Scott Silva
Sent: Thursday, November 20, 2008 4:03 PM
To: centos at centos.org
Subject: [CentOS] Re: SYD flood dropped on Sendmail (centos 4.x)

on 11-20-2008 3:31 PM Kai Schaetzl spake the following:
> Chris Heiner wrote on Thu, 20 Nov 2008 13:43:44 -0800:
>> I get complaints about "the servers asking for username and password".
> from your users or what? Of course, they may complain. A big dictionary 
> attack can take almost all the bandwidth for some time or leave a backlog 
> of dovecot instances.
> Please, as I understand you are a server adminstrator for quite a few 
> machines, correct? Yet, you are answering in a way as if you just brought 
> your first server online.
> Btw, it's a *SYN* flood, not a SYD flood and that won't change even if you

> repeat it again and again.
> I
>> started test@ accounts all many servers to try and track it down.
> Pardon, you did what?
>> I have tried restarting POP and SMTP in the past
> You may want to kill all dovecot instances, in case you *are* running 
> dovecot (if not, then of what you use, but I know that dovecot likes to 
> hang in this way if hammered). Just restarting it may not kill the backlog

> of hanging connections. A "ps ax|grep login" would help to see if 
> instances are still running.
> Restarting SMTP: again, this has nothing to do with SMTP!
> Kai
CentOS 4 comes with a very OLD version of dovecot.
If you are using dovecot, you can get a much newer version at atrpms.net.
The upgrade might be all you need to fix it.

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

Gateway Anti-Spam Anti-Virus Protection by 
   Network Designs Inc. 949-727-3393 
 For a complete list of services go to 

More information about the CentOS mailing list