[CentOS] Re: SYD flood dropped on Sendmail (centos 4.x)

Scott Silva ssilva at sgvwater.com
Fri Nov 21 22:02:58 UTC 2008

on 11-21-2008 11:53 AM Scott Silva spake the following:
> on 11-20-2008 5:31 PM Kai Schaetzl spake the following:
>> Scott Silva wrote on Thu, 20 Nov 2008 16:03:04 -0800:
>>> CentOS 4 comes with a very OLD version of dovecot.
>>> If you are using dovecot, you can get a much newer version at atrpms.net.
>>> The upgrade might be all you need to fix it.
>> The dovecot in CentOS 5 exhibits the same problem when hammered by 
>> dictionary attacks. Is the atrpms version newer?
>> Kai
> You can get 1.0.15 which is the recent stable for the 1.0 series, and you can
> get 1.1.16 which has many new improvements over 1.0, and is the current stable
> branch. I think the 1.1 branch has some changes to the auth code that might
> help. Read the dovecot wiki for the steps you need to follow to upgrade,
> especially if you want to go back.
> I really recommend you at least go to the 1.0 branch instead of the 0.99 beta
> in CentOS 4. The indexing improvements alone are worth it.
Another option is something like fail2ban, and have it drop the connections
and add a firewall rule when you get too many bad attempts on that port.
Fail2ban can read the logs and act for you before it gets too bad.

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
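
The count-failures-then-block logic that fail2ban applies to a log, sketched in Python as an added example (not part of the original post and not fail2ban's own code). The log line format, the thresholds and the name `find_offenders` are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines. The format is an assumption modelled on dovecot
# login messages; adjust FAIL_RE to what your own mail log contains.
SAMPLE_LOG = """\
Nov 21 10:00:01 mail dovecot: pop3-login: Aborted login: user=<admin>, method=PLAIN, rip=::ffff:203.0.113.5
Nov 21 10:00:04 mail dovecot: pop3-login: Aborted login: user=<root>, method=PLAIN, rip=::ffff:203.0.113.5
Nov 21 10:00:05 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=::ffff:192.0.2.10
Nov 21 10:00:09 mail dovecot: pop3-login: Aborted login: user=<test>, method=PLAIN, rip=::ffff:203.0.113.5
Nov 21 10:00:12 mail dovecot: pop3-login: Aborted login: user=<guest>, method=PLAIN, rip=::ffff:203.0.113.5
Nov 21 10:05:00 mail dovecot: imap-login: Aborted login: user=<bob>, method=PLAIN, rip=198.51.100.7
Nov 21 10:20:00 mail dovecot: imap-login: Aborted login: user=<bob>, method=PLAIN, rip=198.51.100.7
Nov 21 10:35:00 mail dovecot: imap-login: Aborted login: user=<bob>, method=PLAIN, rip=198.51.100.7
"""

# Only failed logins count; the optional ::ffff: prefix is an IPv4-mapped address.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: (?:pop3|imap)-login: "
    r"Aborted login\b.*\brip=(?:::ffff:)?(?P<ip>\d+(?:\.\d+){3})"
)

def find_offenders(lines, max_retry=3, find_time=timedelta(minutes=10), year=2008):
    """Return {ip: time the threshold was reached} for every address with
    max_retry failures inside a sliding window of find_time."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    banned = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m or m["ip"] in banned:
            continue  # not a failure, or this address is already blocked
        # syslog timestamps carry no year, so one is supplied by the caller
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:  # forget failures older than the window
            window.popleft()
        if len(window) >= max_retry:
            banned[m["ip"]] = ts  # the point where a firewall rule would be added
    return banned

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{when:%b %d %H:%M:%S} block {ip}")
```

The slow source at 198.51.100.7 stays under the threshold with a 10-minute window, which is why the window length matters as much as the retry count when tuning against dictionary attacks.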

