[lug] sendmail rejecting connections

Paul Bille Paul at ebille.cudenver.edu
Fri Aug 9 11:36:06 MDT 2002


Warren > . . . sendmail[919]: rejecting connections on daemon MTA: load
average: 46 . . .
Warren > . . .  I was over-reacting . . .

Research turned up a reference to a possible (unlikely) problem.  
http://packetstormsecurity.nl/9904-exploits/sendmail.8.9.1.DoS.txt

The reference isn't clear but if I interpret it correctly, it appears a
DoS attack could cause the symptom we're observing.  If a sendmail
session is abnormally terminated during transmission, a temporary file
remains in /var/spool/. . . possibly causing the partition to fill up,
causing sendmail to stop accepting connections.

That doesn't appear to be likely.  I checked /var/log/maillog and
/var/log/secure.  I don't see any indication of malicious activity
corresponding to the times when sendmail overloaded.  One thing I am
seeing is a helluva lot of mail coming from FreeBSD.org.

A more likely scenario would be if /var/spool or another sendmail
resource fills up.  It appears to me that I have 10mb available on
/var/spool, not a lot but certainly enough to accommodate a lot of
e-mail.

Warren > I have calmed down now and thinking it's a glitch rather than a
kiddie.  

It appears the maximum connections setting is a new feature to sendmail.
It's possible we're simply seeing sendmail functioning properly and
shutting down when it appears there's another problem on the system, too
many connections, possibly associated with the FTP session you
mentioned.

Warren > Apache error logs continue to show signs of having trouble
killing a child process

I see these errors occasionally also.  I presume my errors are due to
people using my cgi-bin applications and dropping the connection before
the results are returned from my server.  I'll have to watch that.

Thanks,
Paul
http://bille.cudenver.edu/author
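
The maillog check described in the message above can be scripted. The following is an added example, not part of the original post: it groups the "rejecting connections" messages into overload windows and counts the sender domains seen just before each window. The sample log lines are constructed, the `from=<...>` line layout is assumed to be the usual sendmail style, and the year is passed in because syslog timestamps omit it.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in classic syslog format; hosts, queue IDs and addresses are invented.
SAMPLE_LOG = """\
Aug  9 10:51:12 mail sendmail[801]: g79GpC801: from=<owner-a@FreeBSD.org>, size=2114, nrcpts=1
Aug  9 10:52:40 mail sendmail[809]: g79GqE809: from=<owner-b@FreeBSD.org>, size=1830, nrcpts=1
Aug  9 10:53:05 mail sendmail[812]: g79GrA812: from=<alice@example.com>, size=912, nrcpts=1
Aug  9 10:55:30 mail sendmail[919]: rejecting connections on daemon MTA: load average: 31
Aug  9 10:56:30 mail sendmail[919]: rejecting connections on daemon MTA: load average: 46
Aug  9 10:57:30 mail sendmail[919]: rejecting connections on daemon MTA: load average: 22
Aug  9 14:10:00 mail sendmail[919]: rejecting connections on daemon MTA: load average: 14
"""

TS = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s")
REJECT = re.compile(r"sendmail\[\d+\]: rejecting connections on daemon \S+: load average: (\d+)")
SENDER = re.compile(r"from=<[^>@]*@([^>]+)>")

def stamp(line, year=2002):  # syslog omits the year, so the caller supplies it
    m = TS.match(line)
    return datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S") if m else None

def overload_windows(lines, gap=timedelta(minutes=5)):
    """Merge rejection messages at most `gap` apart into (start, end, peak_load)."""
    windows = []
    for line in lines:
        m, when = REJECT.search(line), stamp(line)
        if not m or when is None:
            continue
        load = int(m.group(1))
        if windows and when - windows[-1][1] <= gap:
            start, _, peak = windows[-1]
            windows[-1] = (start, when, max(peak, load))
        else:
            windows.append((when, when, load))
    return windows

def senders_before(lines, start, lookback=timedelta(minutes=10)):
    """Count sender domains logged in the `lookback` period before a window opens."""
    hits = Counter()
    for line in lines:
        m, when = SENDER.search(line), stamp(line)
        if m and when and start - lookback <= when < start:
            hits[m.group(1).lower()] += 1
    return hits

if __name__ == "__main__":
    for start, end, peak in overload_windows(SAMPLE_LOG.splitlines()):
        print(start, end, "peak", peak, senders_before(SAMPLE_LOG.splitlines(), start).most_common(3))
```

A window with no unusual sender volume ahead of it points toward local load (another process on the host) rather than inbound mail.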



