Hi Michael, > I have a BO server with APF, Geo-IP, AV-Spam and Fail2Ban that is > displaying a problem with what appear to be hung up Sendmail processes. > > When I look at the running processes I have tons (30 or more) of > Sendmail children that look like “sendmail: server [185.50.149.xx] cmd > read” They will be thirty min old or older and just sit there and never die.
Yeah, that's Fail2ban in action. It detected something fishy coming from that IP and then dropped a rule that prevents further access. However, Sendmail has some absurd timeouts, so it keeps it's end of the connection open for a bloody long time. I have not found a good solution for this yet. If it becomes a bother, then you might want to tweak the Fail2ban settings a little to prevent this from happening. For that edit /etc/fail2ban/filter.d/sendmail-reject.conf and find this section in it: # Parameter "mode": normal (default), extra or aggressive # Usage example (for jail.local): # [sendmail-reject] # filter = sendmail-reject[mode=extra] # mode = extra See the "mode = extra"? Change it to this: mode = normal Then save the changes and restart Fail2ban: systemctl restart fail2ban That reduces the sensitivity of Fail2ban back to somewhat more lenient Sendmail rules. You might still spot the occasional "hung" Sendmail client process afterwards, but their number and frequency will be considerably reduced. -- With best regards Michael Stauber _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx