Subject: [courier-users] Re: Esmtp ddos vulnerability in 0.40.0.20021026?
From: Sam Varshavchik (mrs@courier-mta.com)
Date: Jan 3, 2003 7:57:40 pm
List: net.sourceforge.lists.courier-users

Stephen S. Kelley writes:

or time out, new ones are once again available. There were no new incoming esmtp connections in the log for a day and a half after the spam storm when the server was rebooted and lots of mail piled up on secondary servers during this time.

Does esmtpd permanently refuse connections after reaching a limit?

No.

Could the couriertcpd process listening on port 25 have crashed or got messed up? Could 75 esmtpd processes somehow have got stuck, preventing new ones from starting?

couriertcpd is pretty resilient. I have an SMP box here also running Red Hat 8.0. Unfortunately, it looks like the latest Red Hat kernels definitely have stability issues at high load.

Check your syslog for kernel messages that read something like 'array.c:407: bad pmd c001e30f', with varying hexadecimal numbers. If you logged those prior to the system hanging, it's a known bug where some processes get frozen under high system load (while other processes continue to get CPU slices normally). Red Hat bug #70003.
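
The syslog check described in the reply above, as an added example that is not part of the original message or of Courier: it scans traditional syslog lines for kernel 'bad pmd' messages with any hexadecimal value and reports which were logged before the hang. The sample log lines, the host name `mail`, the function names and the operator-supplied hang time are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Traditional syslog layout assumed: "Mon DD HH:MM:SS host kernel: <text>"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?P<src>\w+\.c):(?P<line>\d+): bad pmd (?P<pmd>[0-9a-fA-F]+)\b"
)

def find_bad_pmd(lines, year):
    """Return (timestamp, 'file.c:line', pmd) for each kernel 'bad pmd' message."""
    hits = []
    for raw in lines:
        m = LINE_RE.match(raw)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits.append((ts, f"{m['src']}:{m['line']}", m["pmd"].lower()))
    return hits

def logged_before_hang(hits, hang_time):
    """Keep only the messages logged at or before the time the system hung."""
    return [h for h in hits if h[0] <= hang_time]

# Constructed sample input (not taken from a real server)
SAMPLE = """\
Jan  2 21:13:55 mail crond[812]: (constructed unrelated line)
Jan  2 21:14:07 mail kernel: array.c:407: bad pmd c001e30f
Jan  2 21:14:09 mail kernel: array.c:407: bad pmd C0A4B21D
Jan  4 09:02:11 mail kernel: (constructed line logged after the reboot)
""".splitlines()

if __name__ == "__main__":
    hang = datetime(2003, 1, 2, 21, 30)  # assumed time the operator noticed the hang
    for ts, src, pmd in logged_before_hang(find_bad_pmd(SAMPLE, 2003), hang):
        print(f"{ts:%b %d %H:%M:%S}  {src}  pmd={pmd}")
```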