On 10/1/07, Jamie Ostrowski <[EMAIL PROTECTED]> wrote:
> That's a good idea, but in this particular arrangement we've
> firewalled off all other smtp connections except for a certain small
> range which comes through Postini. All these connections on the
> machine run through the Postini machines, so we can't firewall them
> off.

If all your connections are local you can safely reduce the MSL.

-Kip

>
> Any other suggestions? If not, we'll tweak msl.
>
> On 10/1/07, Alfred Perlstein <[EMAIL PROTECTED]> wrote:
> > * Jamie Ostrowski <[EMAIL PROTECTED]> [071001 16:02] wrote:
> > > Hello -
> > >
> > > I've got a mailserver running FreeBSD 4.11 and Sendmail 8.13 that has
> > > been running as a mailserver for a couple of years without any
> > > load/connection problems. Here are my memory stats:
> > > Mem: 71M Active, 265M Inact, 96M Wired, 24M Cache, 60M Buf, 36M Free
> > > Swap: 2048M Total, 760K Used, 2047M Free
> > >
> > > Then all of a sudden we started experiencing dropped connections even though
> > > the load average is generally around 2.0 or less.
> > >
> > > I found the problem today: there are currently 1300 socket connections
> > > suspended at status TIME_WAIT on the incoming smtp port.
> > >
> > > I checked some of my kernel settings:
> > >
> > > kern.ipc.somaxconn = 128
> > > net.inet.tcp.msl: 30000
> > >
> > > I suspect this is a dos attack: they're just opening these connections,
> > > and then let them hang there and they don't close them, so they just build
> > > up and the machine rejects new connections.
> > >
> > > Based on my configuration, does anyone have some suggestions on how I
> > > might tweak the system to overcome this (apparent?) DOS attack?
> >
> > You can tweak msl, but it probably makes more sense to use some form
> > of firewall, ipfw, ipfilter, pf, etc on the box.
> >
> > You can use netstat to see the remote addresses, just block them.
> >
> > --
> > - Alfred Perlstein
> >
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
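
Added example, not written by anyone in this thread: a small Python triage script that groups `netstat -an -p tcp` output by TCP state and by remote address on the SMTP port, and relates a TIME_WAIT count to the MSL setting. The sample lines are constructed (documentation address ranges), and the script assumes `net.inet.tcp.msl` is expressed in milliseconds and that the TIME_WAIT count is roughly steady.

```python
from collections import Counter

# Constructed sample in FreeBSD `netstat -an -p tcp` layout, where the port
# follows the last dot of the address. All addresses are documentation ranges.
SAMPLE = """\
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.10.25          198.51.100.7.41234     TIME_WAIT
tcp4       0      0  192.0.2.10.25          198.51.100.7.41240     TIME_WAIT
tcp4       0      0  192.0.2.10.25          198.51.100.9.50211     TIME_WAIT
tcp4       0      0  192.0.2.10.25          203.0.113.44.39001     ESTABLISHED
tcp4       0      0  192.0.2.10.22          203.0.113.5.51000      ESTABLISHED
tcp4       0      0  *.25                   *.*                    LISTEN
"""

def split_endpoint(endpoint):
    """Split 'a.b.c.d.port' (or '*.25') into (host, port)."""
    host, _, port = endpoint.rpartition(".")
    return host, port

def summarize(netstat_text, local_port="25"):
    """Count sockets per TCP state, and TIME_WAIT sockets per peer, on local_port."""
    states, time_wait_peers = Counter(), Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[0].startswith("tcp"):
            continue  # header, blank, or non-TCP line
        if split_endpoint(fields[3])[1] != local_port:
            continue  # socket belongs to another service
        state = fields[5]
        states[state] += 1
        if state == "TIME_WAIT":
            time_wait_peers[split_endpoint(fields[4])[0]] += 1
    return states, time_wait_peers

def time_wait_seconds(msl_ms):
    """A closed socket stays in TIME_WAIT for 2 * MSL (sysctl assumed to be in ms)."""
    return 2 * msl_ms / 1000.0

def implied_close_rate(time_wait_count, msl_ms):
    """Closes per second that sustain a steady TIME_WAIT count (assumes steady state)."""
    return time_wait_count / time_wait_seconds(msl_ms)

if __name__ == "__main__":
    states, peers = summarize(SAMPLE)
    print(dict(states), peers.most_common())
    # Figures quoted in the thread: 1300 sockets, net.inet.tcp.msl = 30000
    print(time_wait_seconds(30000), round(implied_close_rate(1300, 30000), 1))
```

On a live host, pass the captured `netstat -an -p tcp` text to `summarize()` in place of `SAMPLE`; the per-peer counts show whether the TIME_WAIT sockets come from the expected relay range or from elsewhere.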