OT: All processes of Sendmail stuck... DDOS?

Ugo Bellavance ugob at camo-route.com
Mon Mar 20 12:39:07 GMT 2006


Res wrote:
> Hi,
> 
> On Mon, 20 Mar 2006, Ugo Bellavance wrote:
> 
>> Most of our MX's are having this problem.
>> Using a mix of Greet pause, connexion throttling, greylisting, RBLs.
> 
> Ensure the ident time is 1-3 seconds

Will check.

> 
> Greet pause, mostly you can get away with setting of 2000

We use a slightly higher value.

> 
> Greylisting... is not really good idea on busy servers, its also very 
> time consuming with those with many MX's, might take an hour or so for 
> mail to get received.

No problem with many MX's, the milter syncs the records.  We had some 
ajustments to make for big ISP servers which run their queue only once 
every 1 or 2 hours, but the rest is ok.

> 
> RBL's, here might be the problem, try manual lookups on somthing on each 
> RBL used, maybe there is one with problem.

We found out that the problem was milter-ahead, caused by a destination 
server not responding.

> 
>> The number of connexions rejected by sendmail by these different 
>> processes have known a very significant increase lately.  Before 
>> implementing
> 
>> Greylisting, MailScanner was processing ~ 100 000 msg/day max on all 
>> of our servers.  Now all the log entries for rejected connexions by 
>> sendmail totals ~ 400 000/ day, and it doesn't look like it si going 
>> to stop.
> 
> not suprised, dump it and fast!
> 
>>
>> We are not getting complaints (yet), and the ressources seems to be 
>> able to cope with the problem without significant problems.
>>
> 
> your lucky, we have users who like to email themselves if it doesnt 
> arrive within 30 seconds they ring the support desk :)

It was the week end.  Not too bad :).  Should be fixed early this morning.

> 
> 



More information about the MailScanner mailing list