On Tue, 2004-06-29 at 16:35, Jeff Koch wrote: > This seems to be a problem with the outgoing remote concurrency. I'm not > sure how this would be related to a tarpit attack. However, we have a > standard toaster install - is the tarpit patch automatically turned on?
I don't believe it is... You need to create /var/qmail/control/tarpitcount and put the number of rcpt_to's to watch for in there. 5 is a good number to start with. /var/qmail/control/tarpitdelay controls the number of seconds to delay (default is 5). If I'm totally off base here, someone please chime in .... However, this should help you out a bit. In addition, do a 'netstat -an --inet | grep :25' and see if all of the connections are sourcing from the same place, or the same class C ... Perhaps you're being attacked? Are you receiving a large number of emails? If you are being attacked, you can block that IP via the tcp.smtp file (I think) ... Or better yet, in your firewall.. (you have one of those, right?) > Also, since we've got the 'big concurrency' patch is there any problem with > raising the remote concurrency to 200, 300 or even 500? Not sure.. I've never raised it above the default in the toaster... > At 03:17 PM 6/29/2004, you wrote: > >On Tue, 2004-06-29 at 15:14, Jeff Koch wrote: > > > All of a sudden this weekend the remote concurrency started topping > > out. We > > > tried raising it to 30 then to 40 and now it is at 50 but it is still > > > staying at the peak and users are complaining that their email is being > > > delayed by a few hours. The queue has also jumped by 20%. I know this is > > > off topic but if any of you can give me a quick opinion on what's > > > happenning and what to do I would really appreciate it. > > > >Sounds like a dictionary attack... Are you using the tarpit features? > > > > > Best Regards, > > > > > > Jeff Koch > >-- > >--------------------------- > >Jason 'XenoPhage' Frisvold > >Engine / Technology Programmer > >[EMAIL PROTECTED] > >RedHat Certified - RHCE # 803004140609871 > >MySQL Pro Certified - ID# 207171862 > >MySQL Core Certified - ID# 205982910 > >--------------------------- > >"Something mysterious is formed, born in the silent void. Waiting alone > >and unmoving, it is at once still and yet in constant motion. It is the > >source of all programs. I do not know its name, so I will call it the > >Tao of Programming." > > Best Regards, > > Jeff Koch, Intersessions -- --------------------------- Jason 'XenoPhage' Frisvold Engine / Technology Programmer [EMAIL PROTECTED] RedHat Certified - RHCE # 803004140609871 MySQL Pro Certified - ID# 207171862 MySQL Core Certified - ID# 205982910 --------------------------- "Something mysterious is formed, born in the silent void. Waiting alone and unmoving, it is at once still and yet in constant motion. It is the source of all programs. I do not know its name, so I will call it the Tao of Programming."
signature.asc
Description: This is a digitally signed message part
