If these zombie processes stay running for long periods of time (more than a few minutes), you may have found a bug. spamdyke should clean up child processes fairly quickly after they exit, no matter whether the remote server remains connected or not.
Is spamdyke logging anything for these connections (especially errors)? A full log from one of these sessions would be very useful, if it's possible to capture one. -- Sam Clippinger Mirko Buffoni wrote: > Hi, > > I read in the mailing list archive that users of previous major version (3) > of spamdyke had experienced this behavior. > > I sometimes find zombie processes (qmail-smtpd) whose parent process is > spamdyke. > Lately the frequency I'm experiencing this is increasing and now I have at > least > 2-3 zombie processes per day. > Normally this happens during night, but today happened between 12-13 pm. > Checking the logs I found that there were a huge amount of connections, which > saturated all the channels. > > Most of the logs are of this kind: > > CHKUSER accepted sender: from <[email protected]::All> > remote > <do.not.use.this.dns.server.anymore.123.in-addr.arpa:unknown:123.22.59.216> > rcpt <> : sender accepted > > with an empty or unexistant recipient, and the signature > "do.not.use.this.dns.server.anymore.XXX.in-addr.arpa" > in what should be (if I'm not wrong) the HELO parameter. > > (BTW, which DNS could reply with that signature? OpenDNS?) > > I read in the changelog that HELO filtering is planned for the next release. > I suppose nothing can be done at the moment with version 4.0.10, right? > > Do you think that the frequency of zombie processes could be related to the > amount of connections per second? in that case, terminating connections > which have > blacklisted keywords in the HELO parameter, could cure the problem? > > I do not have FULL logs. Guess I could keep it monitored and enable full > logging > for a short period of time (cause this happens on a production machine which > is > normally moderatedly-to-heavily loaded) during these attacks, if it can be > useful. > > Open to all suggestions. > > regards, > Mirko > > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
