We have noticed that when the number of imapd processes reaches
about 120, no further connections are possible. We have already
changed the connection limits in /etc/courier/imapd:
MAXDAEMONS=640
MAXPERIP=500
The server load is very low and there are no disk i/o issues when
this happens.
The
Courier has limitations. You might consider Dovecot.
On 01/12/2011 06:52 AM, Richard Chen wrote:
We have noticed that when the number of imapd processes reaches
about 120, no further connections are possible. We have already
changed the connection limits in /etc/courier/imapd:
MAXDAEMONS=640
Bingo! That's it all right. Nice bit of sleuthing, Michael.
My apologies to CJ as he was on the right track. I missed the bit about
your local lan addresses being whitelisted though.
Spamdyke's documentation at
http://www.spamdyke.org/documentation/README.html#RELAYING says:
Authenticated
I would definitely switch (already have on all my hosts) to dovecot.
People have reported very significant improvements in IMAP performance.
For overall load reduction, you should also be using spamdyke. It'll
lighten the overall load considerably, which might help to remedy your
IMAP
Ummm... Mainly I think it was laziness so that the web hosting servers
could send via these servers. (Instead of listing just the specific
internal IP's, since I add servers occasionally...)
I think there was another reason involving how my outbound mail is working,
but now that I'm trying to
I think I understand. I did notice the QMR server further down the line
and wondered a little about it.
I'd remove spamdyke temporarily at this point and test. Then you'll know
for sure if spamdyke setting RELAYCLIENT is the cause or not.
P.S. I realize that web hosting servers are a pita,
Agreed (With the authenticating hosting servers part). This was a quick
(And I thought ok) way of getting these toasters up... I'm obviously going
to have to go back through and tweak some stuff.
I'll pull spamdyke down, test again, and let you know. I'm going to re-read
the link you included
Eric,
I've checked all the places I can think of that it might be getting
RELAYCLIENT set at (/var/qmail/control/relay , /etc/spamdyke/whitelist_ip
and tcp.smtp) and I've removed any reference to my internal network...
Still no luck.
Any place else you can think of before I write the RELAYCLIENT
OK... So, I pulled spamdyke out of the picture, and what do you know,
suddenly the simscan line shows what we'd expect:
Received: by simscan 1.4.0 ppid: 23321, pid: 23323, t: 0.2519s
scanners: attach: 1.4.0 clamav: 0.96.3/m:53/d:12510 spam: 3.2.5
X-Spam-Checker-Version: SpamAssassin
On 01/11/2011 08:03 PM, Michael Colvin wrote:
Eric,
I've checked all the places I can think of that it might be getting
RELAYCLIENT set at (/var/qmail/control/relay , /etc/spamdyke/whitelist_ip
and tcp.smtp) and I've removed any reference to my internal network...
Still no luck.
Any place else
It's old... I sent it last night while changing some of the relay stuff,
and apparently caused some mail to start queuing on the customer facing
servers... So, when I put everything back (This morning), the queue dumped.
:-)
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
I've been using the tcp.smtp file in lieu of spamdyke's access file. I
don't think the access file is useful in QMT, since qmail has the SMTP
AUTH patch. I'm not certain of this though, and would like to know Sam's
take on this. I think taking this to the spamdyke list is a good idea.
It
Ok... I've got it narrowed down to the relay file...
I remarked out the access-file line, and e-mail gets scanned now... So,
it must be how I have the info entered...
Not sure where I got that just the IP was sufficient... The documentation
obviously lists the : and second value criteria...
Ok... Just to follow-up...
I set the entries in the relay file as described in SpamDyke's
documentation, same result.
I remarked out the lines in the relay file, effectively making it Empty.
SpamAssassin is still not called.
Now, I'm not sure if calling an empty file is causing an issue
To all,
I have a server that is having some problems with some
apache services. The machine appears to have a runaway process that takes
up just over 20% of the CPU, but this is enough to stop all mail and to a
certain extent network as well.
The problem for me is this machine
On 01/12/2011 03:16 PM, Mike Canty wrote:
To all,
I have a server that is having some problems with some “apache”
services. The machine appears to have a runaway process that takes up
just over 20% of the CPU, but this is enough to stop all mail and to a
certain extent network as well.
The
Eric,
We are running the standard set up with iptables (see config below).
We also have in place a Cisco 800 Series Router. The firewall part is not
really my thing, can you give me some pointers.
Cheers
# Generated by iptables-save v1.3.5 on Tue Jun 29 01:43:23 2010
*filter
:INPUT DROP
Eric,
Is it still a DoS attack, when I can get someone to run top find
the PID and kill that single process to restore connectivity?
Cheers
-Original Message-
From: Eric Shubert [mailto:e...@shubes.net]
Sent: Thursday, 13 January 2011 9:55 AM
To:
Hi Mike,
Firstly your ruleset does not appear to be the standard one used by QMT.
Try using this http://www.rhythm.cx/~steve/devel/tcptrack/ to see exactly
what is going on with your connections.
Have you tried looking for a root kit? If not try this one script to scan for
root kits
Ok... Just to wrap this thread up on this list, in case anyone searches this
list
The issue is apparently a known issue without an elegant solution currently.
We pretty much nailed it down though on here...
You can find Sam's response and description of the issue in the thread here:
Hi,
you might try pstree -a | less to show you the command line arguments and paths
of all running processes. This might give you a clue at least to where the source
file can be found!
On 13/01/2011 11:06 AM, Mike Canty wrote:
Eric,
Is it still a DoS attack, when I can get someone
FWIW I moved my ssh to a non standard port and virtually eliminated all
attacks on my server via ssh. You can also use OSSEC which locks out
IP addresses after a certain number of failed attempts at either login,
forbidden or non existent pages.
On 01/12/2011 04:35 PM, Tony White wrote:
Hi,
Tony,
Thanks for the information. I have installed rkhunter and
discovered there may indeed be rootkits. 3 entries came back in the log. (cb
Rootkit, SHV4 Rootkit, SHV5 Rootkit)
I am now looking to see if these need to be removed or the machine rebuilt.
As for the pstree -a | less it
Mike,
I assume this is a production server?
On 13/01/2011 12:00 PM, Mike Canty wrote:
Tony,
Thanks for the information. I have installed rkhunter and
discovered there may indeed be rootkits. 3 entries came back in the log. (cb
Rootkit, SHV4 Rootkit, SHV5 Rootkit)
I am now looking
Tony,
Unfortunately yes. But there is light at the end of the tunnel.
This server is a virtual server sitting on a VMware server. Remotely I am
able to copy all of the configurations files I need, all of the mail, MySQL
files, etc. to a location nearby (another CentOS machine) and
Hi Mike,
Whatever you do I would do this first...
Change the root password now.
Kick off all users
Edit /etc/ssh/sshd_config
Edit/Add Protocol 2
Edit/Add Allowusers for your username only (make sure you have shell access)
Edit/Add Port to use a different port not 22 try 3222 or something
Tony,
I have modified the sshd_config file to what you had below. Funny I
already had in place the PermitRootLogin no option, and I know about the
changing of the port numbers, but the others are new to me. Obvious in
retrospect, but new to me.
I am currently installing OSSEC and will
If I create a whitelist.cf file are the files separated by whitespace?
comma? next line?
# domains
example.com
# e mail addresses
nots...@example.com
Will this suffice?
Thanks,
CJ
--
Cecil Yother, Jr. cj
cj's
2318 Clement Ave
Alameda, CA 94501
tel 510.865.2787
http://yother.com
Check