Strange Sendmail Sessions

Stephen Conway sconway at wlnet.com
Fri Oct 13 14:22:03 IST 2006


Hello Denis:

Yes, I found these too, but when I was using an older version of Sendmail, I
changed this, and it had no effect.  After upgrading Sendmail to 8.13.8,
now the settings are doing the job, and the server is not being tied up.

The main question still remains, why are these coming?  Is it some type of
DOS attack?  But if so, why from so many different IPs?

Thanks,

Steve
 

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Denis
Beauchemin
Sent: Thursday, October 12, 2006 4:59 PM
To: MailScanner discussion
Subject: Re: Strange Sendmail Sessions

Stephen Conway wrote:
> Hello All:
>  
> I have a couple systems with the following:
>
> Intel based systems 1 GB RAM running Slackware Linux Sendmail 8.13.8 
> MailScanner-4.55.10 SpamAssassin version 3.1.0 Perl 5.6.1
>
> I have a problem where I am getting a lot of sendmail sessions opening 
> up similar to below:
>
> 0:00 sendmail: k9CJgJRU012733 c647683-42.impsat.com.co [64.76.83.42] (may be forged): DATA
> 0:00 sendmail: k9CJlhwE014949 movaris-nxds1-89.hicap.alink.net [67.131.237.89]: DATA
>
> A bunch of these keep coming in from various different networks, but 
> they all stay around and eventually my MAX Daemon Children value is 
> reached.  The question is, can this be a network issue where these 
> sessions are not completing?  Also, how can I get sendmail to kill 
> these old sessions after X minutes or something?
>
> Any assistance is appreciated.
>
> Thanks,
>
> Steve
>
>
>   
Steve,

I use the following in my sendmail.mc:
define(`confTO_ACONNECT', `5m')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTO_ICONNECT', `20s')dnl
define(`confTO_COMMAND', `5m')dnl
define(`confTO_AUTH', `1m')dnl
define(`confTO_DATABLOCK', `5m')dnl
define(`confTO_DATAFINAL', `10m')dnl
define(`confTO_MAIL', `5m')dnl
define(`confTO_RCPT', `5m')dnl
define(`confTO_RESOLVER_RETRANS_FIRST', `2s')dnl
define(`confTO_RESOLVER_RETRANS_NORMAL', `10s')dnl
define(`confTO_RESOLVER_RETRY_FIRST', `2')dnl
define(`confTO_RESOLVER_RETRY_NORMAL', `5')dnl
define(`confTO_STARTTLS', `5m')dnl

I was also seeing connections that would not close, shutting my server down.
Haven't seen any since I configured all the TO_ listed above.

Denis

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x62252 F: 819.821.8045
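
One way to see where the sessions are piling up, as an added example that is not part of the original thread: it parses `ps` lines in the process-title format quoted above and counts sessions per SMTP state and client IP against the daemon-children limit. The function names, the `192.0.2.x` sample lines and the limit of 40 are assumptions.

```python
import re
from collections import Counter

# Constructed sample: the two lines quoted in the thread (rejoined), plus
# made-up lines using documentation addresses (192.0.2.0/24).
SAMPLE_PS = """\
0:00 sendmail: k9CJgJRU012733 c647683-42.impsat.com.co [64.76.83.42] (may be forged): DATA
0:00 sendmail: k9CJlhwE014949 movaris-nxds1-89.hicap.alink.net [67.131.237.89]: DATA
0:00 sendmail: k9CJm0aa015001 mx.example.net [192.0.2.10]: RCPT
0:00 sendmail: k9CJm1bb015002 mx.example.net [192.0.2.10]: DATA
0:00 sendmail: accepting connections
"""

# queue id, client host, [IP], optional "(may be forged)", then the SMTP state
SESSION_RE = re.compile(
    r"sendmail:\s+(?P<qid>\S+)\s+(?P<host>\S+)\s+\[(?P<ip>[^\]]+)\]"
    r"(?P<forged>\s+\(may be forged\))?:\s+(?P<state>\S.*?)\s*$"
)

def parse_sessions(ps_text):
    """Return one dict per inbound session line; other lines are skipped."""
    sessions = []
    for line in ps_text.splitlines():
        m = SESSION_RE.search(line)
        if m:
            d = m.groupdict()
            d["forged"] = d["forged"] is not None
            sessions.append(d)
    return sessions

def summarize(sessions, max_children):
    """Count sessions per state and per client IP against the child limit."""
    by_state = Counter(s["state"] for s in sessions)
    by_ip = Counter(s["ip"] for s in sessions)
    return {
        "total": len(sessions),
        "by_state": dict(by_state),
        "distinct_ips": len(by_ip),
        "busiest_ip": by_ip.most_common(1)[0] if by_ip else None,
        "forged": sum(s["forged"] for s in sessions),
        "slots_used_pct": round(100 * len(sessions) / max_children, 1),
    }

if __name__ == "__main__":
    # max_children=40 is an assumed MaxDaemonChildren value, not from the thread
    for key, value in summarize(parse_sessions(SAMPLE_PS), 40).items():
        print(f"{key}: {value}")
```

Many distinct IPs with nearly every session sitting in one state matches the pattern described in the thread.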





