[GLLUG] Sendmail DoS Question

Ken Smith kens at kensnet.org
Wed Oct 24 22:52:52 UTC 2018

Hi All

I've been noticing what looks like an attempt at a DoS on my mail 
server. Various hosts open sets of SSL sessions to port 465 and then sit 
there not exchanging any traffic. The server is set to allow 20 sendmail 
processes and the miscreant gets that number of session going 
effectively DoSing the service. Easily remedied by killing it all and 
restarting the daemon. I've adjusted sendmail's timeouts to drop these 
malicious sessions.

The session processes get stuck looking like this in ps.

sendmail: server [] startup

I've also set a connection limit to port 465 in iptables to reject these 
multiple sessions that appear to originate in batches from the same IP 
and then from another IP and so on.

Anyone else seeing this and out of interest what mode is sendmail in 
when its shows "startup". I've tried manually connecting and sending 
e-mail either in plain text or via ssl and don't see that status.



This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the GLLUG mailing list