Heavy increase in spam, (now lingering connections to sendmail/etc.)

Michael R. Dilworth michael at dilworth.net
Mon Sep 3 00:55:12 IST 2007


 -----Original Message-----

From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info]On Behalf Of Vlad Mazek
Sent: Sunday, September 02, 2007 3:06 PM
To: MailScanner discussion
Subject: Re: Heavy increase in spam influx this week?


How do you manage concurrent connections in Sendmail? I know about confCONNECTION_RATE_THROTTLE and
WINDOW_SIZE but is there anything that will limit the number of concurrent connections from a single
IP address?

-Vlad


On 8/31/07, Gareth <list-mailscanner at linguaphone.com> wrote:
cat /var/log/maillog | grep -E "(connection count|concurrency)"
Looking through my logs there have been the odd one or two IP addresses in
the past with about 10 active connections at once but starting from the 27th
I started to see connection of over 20 concurrent.

I have dropped the concurrent connections per IP from 50 down to 5. We only
have a 1Mbps internet connection so if any genuine person tries to send us
more than that at the same time I would prefer to limit it to conserve
bandwidth anyway.

I think I'll do what you did and reduce the smptd_timeout aswell.

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info]On Behalf Of Leland
> J. Steinke
> Sent: 31 August 2007 18:55
> To: MailScanner discussion
> Subject: Re: Heavy increase in spam influx this week?
>
>
> Kai Schaetzl wrote:
>
> > My Postfix machines still suffer from the backlog of bots, as I
> haven't checked yet
> > if Postfix provides similar time-out options. Anyone knows?
>
> smtpd_timeout?
>
> I started reducing this from 300s to 120s several moments ago, after
> catching up on my email after a particularly long meeting discussing,
> among other things, requirements for new spam/virus filtering servers...
>
>
> Leland
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
>

   Not from a single IP, "that I know of", however as stated earlier in the
thread:

    Setting:
        define(`confTO_COMMAND',`??m')
    and:
        define(`confMAX_DAEMON_CHILDREN', ???)


    Will help/solve the current problem, I agree with other's, it is a broken
    bot that leaves the connection open, causing one of two things in
    sendmail:
        A: wastes a lot of memory for an hour until the connection times out
        ( default setting)

        B:  hits your Max Daemon Children setting and start's rejecting
        connections.

    As for exact numbers It does depend on your setup, I'm running 15m
    for Command and 512 for children.

    Question from ME! what does sendmail respond with in the B case?
    Reject or TempFail?   This problem started on Tuesday of last week
    for me.   I was not paying attention, and the server did recover. (after
    an hour or so).

    Note to self: don't delete threads automatically based on subject.
    Also a request, when the "subject" changes drastically such as
    this one has, Maintain the thread or not, but please change/alter
    the subject.





More information about the MailScanner mailing list