[GLLUG] Sendmail DoS Question
Ken Smith
kens at kensnet.org
Wed Oct 24 22:52:52 UTC 2018
Hi All

I've been noticing what looks like an attempt at a DoS on my mail
server. Various hosts open sets of SSL sessions to port 465 and then sit
there not exchanging any traffic. The server is set to allow 20 sendmail
processes and the miscreant gets that number of sessions going,
effectively DoSing the service. Easily remedied by killing it all and
restarting the daemon. I've adjusted sendmail's timeouts to drop these
malicious sessions.

The session processes get stuck looking like this in ps:

    sendmail: server [178.128.158.113] startup

I've also set a connection limit to port 465 in iptables to reject these
multiple sessions that appear to originate in batches from the same IP
and then from another IP and so on.

Anyone else seeing this? And, out of interest, what mode is sendmail in
when it shows "startup"? I've tried manually connecting and sending
e-mail either in plain text or via SSL and don't see that status.

Thanks
Ken
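
Added example, not part of the original post: a small detector for the symptom described above, grouping sendmail children stuck in the "startup" title by peer address. It assumes input from procps `ps -eo pid,etimes,args`; the function name, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Process title as quoted in the post:
#   sendmail: server [178.128.158.113] startup
# An optional hostname before the bracket is tolerated (assumption).
TITLE = re.compile(r"sendmail: server (?:\S+ )?\[([^\]]+)\] startup\s*$")


def stalled_by_peer(ps_lines, min_age=60, min_sessions=5):
    """Return {peer: [pids]} for peers that hold at least min_sessions
    sendmail children which have shown 'startup' for min_age seconds or more.

    ps_lines: lines of `ps -eo pid,etimes,args` output (header allowed).
    """
    peers = defaultdict(list)
    for line in ps_lines:
        parts = line.split(None, 2)
        if len(parts) < 3 or not (parts[0].isdigit() and parts[1].isdigit()):
            continue  # header line or anything that is not "pid age args"
        pid, age, args = int(parts[0]), int(parts[1]), parts[2]
        match = TITLE.search(args)
        if match and age >= min_age:
            peers[match.group(1)].append(pid)
    return {ip: pids for ip, pids in peers.items() if len(pids) >= min_sessions}


# Constructed sample (documentation address ranges, not real captures).
SAMPLE = """\
  PID ELAPSED COMMAND
 2101   86400 sendmail: accepting connections
 2210     340 sendmail: server [192.0.2.10] startup
 2211     339 sendmail: server [192.0.2.10] startup
 2212     338 sendmail: server [192.0.2.10] startup
 2213       2 sendmail: server [192.0.2.10] startup
 2300     400 sendmail: server [198.51.100.7] startup
 2301       5 sendmail: server [198.51.100.7] cmd read
""".splitlines()

if __name__ == "__main__":
    for ip, pids in stalled_by_peer(SAMPLE, min_age=60, min_sessions=3).items():
        print(f"{ip}: {len(pids)} idle sessions, pids {pids}")
```

The age filter keeps sessions that have only just connected from being counted, so a busy but legitimate relay is not flagged on connection count alone.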