[CentOS] Re: SYD flood dropped on Sendmail (centos 4.x)

Fri Nov 21 13:19:50 UTC 2008
Chris Heiner <cheiner at networkdesignsinc.net>

Good advice!

Thanks for helping without the "corrective elitist attitude"!

-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Glenn
Sent: Thursday, November 20, 2008 5:16 PM
To: CentOS mailing list
Subject: Re: [CentOS] Re: SYD flood dropped on Sendmail (centos 4.x)

At 07:03 PM 11/20/2008, you wrote:
>on 11-20-2008 3:31 PM Kai Schaetzl spake the following:
> > Chris Heiner wrote on Thu, 20 Nov 2008 13:43:44 -0800:
> >
> >> I get complaints about "the servers asking for username and password".
> >
> > from your users or what? Of course, they may complain. A big dictionary
> > attack can take almost all the bandwidth for some time or leave a backlog
> > of dovecot instances.
> > Please, as I understand you are a server administrator for quite a few
> > machines, correct? Yet, you are answering in a way as if you just brought
> > your first server online.
> >
> > Btw, it's a *SYN* flood, not a SYD flood and that won't change even if you
> > repeat it again and again.
> >
> >> I started test@ accounts all many servers to try and track it down.
> >
> > Pardon, you did what?
> >
> >> I have tried restarting POP and SMTP in the past
> >
> > You may want to kill all dovecot instances, in case you *are* running
> > dovecot (if not, then of what you use, but I know that dovecot likes to
> > hang in this way if hammered). Just restarting it may not kill the backlog
> > of hanging connections. A "ps ax|grep login" would help to see if
> > instances are still running.
> > Restarting SMTP: again, this has nothing to do with SMTP!
> >
> > Kai
> >
>CentOS 4 comes with a very OLD version of dovecot.
>If you are using dovecot, you can get a much newer version at atrpms.net.
>The upgrade might be all you need to fix it.

Watch out for this gotcha! The Dovecot version 1.0.x that comes with
CentOS 5.x is much better and I run it and would recommend it, but
the configs for 0.99.x (came with CentOS 4.x) are incompatible with
the previous version.

Cheers,
Glenn 
