And I've got 759 kernel warning possible SYN flood from (always unique IPs) on
our.mail.server.com since sometime early on the 21st.
Is this really a DoS attack, and if so how can we stop it?
Eric Dahnke escribió:
> It is still the same. Our server won't accept SMTP.
>
> /var/ now has lots of room, and I've reset the machine a few times already.
>
> It is a linux box, and qmail-smtpd is started from tcpserver this:
>
> /usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -v -u 501 -g 500 0 smtp
> /var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger smtpd 3 &
>
> Should I just start killing qmail-smtpd processes?
>
> How to fix this?
>
> Eric Dahnke escribió:
>
> > /var/ was 100% full. Too much logging I guess.
> >
> > - una estupidez
> >
> > Eric Dahnke escribió:
> >
> > > Heeelllppp,
> > >
> > > I'm fairly new to live mail server maintenence, but it almost seems like
> > > a DoS.
> > >
> > > The server is never very busy, it does about 7000 deliveries per day.
> > >
> > > There are about 44 qmail-smtp processes running, quit a few more than
> > > usual and a telnet to port 25 just hangs.
> > >
> > > qmail-queue zombie processes keep showing up. (now up to five)
> > >
> > > I've already reset the machine once. When it came back it was ok for
> > > about 2 minutes, then the same, lots of qmail-smtp and no port 25
> > > response.
> > >
> > > Telnet 110 responds no problem, and the load average is 0.3 or something
> > > way low.
> > >
> > > What is happening and how can I fix it! - thx - eric
