[Mimedefang] Strange activity
dm at davidmeissner.com
Wed Jan 4 16:09:47 EST 2006
On 4 Jan 2006 at 15:31, David F. Skoll wrote:
> Has anyone noticed some strange activity lately? Specifically, one of our
> customers has been hit by hundreds or thousands of machines that open SMTP
> connections to his boxes and then just sit there, leaving the connection
> idle. This wreaks havoc by creating tons and tons of Sendmail processes.
>
> We fixed it by setting confTO_COMMAND to 3 minutes instead of the default one
> hour; we're seeing about one connection every few seconds timing out (and
> new ones coming into the start of the pipe, of course.) This is for a
> smallish ISP.
>
> I'm wondering if it's an attack specifically on our customer, or if there's
> a DDoS botnet (or a buggy spam-sending botnet) around?
>
I'm not seeing anything unusual today - about the normal number of
timeout messages.
Do you mean TO_CONNECT? We have that set to 3 seconds in some cases,
although I don't remember at the moment why we set it so low.
-David Meissner