On 4 Jan 2006 at 15:31, David F. Skoll wrote: > Has anyone noticed some strange activity lately? Specifically, one of our > customers has been hit by hundreds or thousands of machines that open SMTP > connections to his boxes and then just sit there, leaving the connection > idle. This wreaks havoc by creating tons and tons of Sendmail processes. > > We fixed it by setting confTO_COMMAND to 3 minutes instead of the default one > hour; we're seeing about one connection every few seconds timing out (and > new ones coming into the start of the pipe, of course.) This is for a > smallish ISP. > > I'm wondering if it's an attack specifically on our customer, or if there's > a DDoS botnet (or a buggy spam-sending botnet) around? >
I'm not seeing anything unusual today - about the normal number of timeout messages. Do you mean TO_CONNECT? We have that set to 3 seconds in some cases, although I don't remember at the moment why we set it so low. -David Meissner _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
