Am Dienstag, 29. MÃrz 2005 18:37 schrieb Jeremy Kitchen:
> On Tuesday 29 March 2005 10:31 am, Tobias Orlamuende wrote:
> > After intensive logging I found out, that chkuser sends something like
> > "You are violating my security policy" when CHKUSERRCPTLIMIT and / or
> > CHKUSER_WRONGRCPTLIMIT is reached.
> > That's fine so far, but the other side is still sending masses of "rcpt
> > to". This causes qmail-smtpd to stay open for a very long time until the
> > sender finishes sending his spam.
>
> so?  the resources consumed by a single copy of qmail-smtpd hanging around
> for some spammer to give up are minimal.

IMHO not :-(
qmail-smtpd is running for 40 minutes and counts up (until now) to 105 
processes where the oldest one dates from one minute after startup of 
qmail-smtpd. Load of this Dueal-Opteron (240) is about 100.
Timeoutsmtpd is set in control...
Most of the started qmail-smtpd's are closed correctly, but some stay open 
which gives this amount...

I am not 100% sure if this problem is caused by chkuser, but for me it looks 
like. The strange thing is, that most of these open sessions are using 
STARTTLS.
Btw: Anybody made bad experiences with this patch ?
http://www.arda.homeunix.net/store/qmail/starttls-2way-auth-20050307.patch

I started with Bill Shupp's tls-auth-patch but the loead was even going much 
higher than now.

>
> > Wouldn't it make sense to let chkuser terminatie this specific
> > qmail-smtpd instance if one of the above limits is reached?
>
> perhaps, but why?

See above.

>
> > If yes, how could it be implemented?
>
> just edit the code.  Find the place where it flips on the "ok, we're not
> accepting anymore" limit... and have it exit.

Nice. But for me as somebody who has nearly no knowledge of C it is quite 
difficult.

Maybe you, Jeremy, or somebody else on this list has any hints for the above 
situation...

Greetings
Tobias

Reply via email to