Date: Sat, 26 Jul 2008 08:52:57 -0700
From: "Jeff Keller" <jeff (at mark) datatune.com>
Subject: [coba-e:13610] Re: Dovecot/POP3 Flood
To: coba-e (at mark) bluequartz.org
Message-Id: <1d4c951a0807260852q6a3a10cdic7a9a4e1b4367929 (at mark) mail.gmail.com>
In-Reply-To: <200807260319.m6Q3J0uY026333 (at mark) ana.xnet.com.mx>
References: <1d4c951a0807251545k9e6cd36ya41555a4f3e1ce19 (at mark) mail.gmail.com> <200807260319.m6Q3J0uY026333 (at mark) ana.xnet.com.mx>
X-Mail-Count: 13610

Whoops--didn't see that the first time. Sorry... (and thanks!)

JK

On Fri, Jul 25, 2008 at 7:28 PM, Rodrigo Ordonez Licona <rodrigo (at mark) xnet.com.mx> wrote:

> This is the script set it to run every minute placing a file in
> /etc/cron.d
>
> with the following contents
>
> */1 * * * * root /usr/bin/dovecot.fix
>
> ======================
> This means to save the attached file change its name to dovecot.fix or
> (something you like)
>
> hth
>
> Rodrigo O
> Xnet
>
> ------------------------------
> *From:* Jeff Keller [mailto:jeff (at mark) datatune.com]
> *Sent:* Viernes, 25 de Julio de 2008 04:45
> *To:* coba-e (at mark) bluequartz.org
> *Subject:* [coba-e:13601] Re: Dovecot/POP3 Flood
>
> I'd like to configure my (hardware) firewall to block the traffic that's
> crashing dovecot--does anybody know what this signature looks like so that I
> can add that to the firewall?
>
> JK
>
> On Fri, Jul 25, 2008 at 3:33 PM, Greg Kuhnert <greg.kuhnert (at mark) theanchoragesylvania.com> wrote:
>
>> I was restarting firewall, but my server was still crashing all the
>> time.... the only way to keep it on the road back then was a regular reboot
>> of the server. Anyway, I might have another look at it, if the memory
>> problem is fixed!
>>
>> Ta.
>> Greg.
>>
>> Dogsbody wrote:
>>
>>>> ipt_recent was a great solution - but over time, I found it had a memory
>>>> leak. The only way to reclaim memory was a reboot of the server.
>>>
>>> This is due to a bug in the recent module. It is fixed in kernels 2.6.12
>>> and above. Until then I just do a weekly restart to the firewall, it takes
>>> less than a second and certainly saves bouncing the server :-)
>>>
>>> touch /etc/cron.weekly/fwrestart.cron
>>> chmod 750 /etc/cron.weekly/fwrestart.cron
>>> vi /etc/cron.weekly/fwrestart.cron
>>>
>>> #!/bin/sh
>>> /etc/rc.d/init.d/iptables restart > /dev/null
>>>
>>> I hope this helps
>>>
>>> One day I'll fully comment up and publish my firewall rules for everyone
>>> to use, life gets in the way :-/
>>>
>>> Dan