Bad logins bogging down server
Dan White
dwhite at olp.net
Tue Sep 19 10:12:47 EDT 2017
On 09/19/17 09:52 -0400, Michael Sofka wrote:
>The botnet is still hammering away, checking those old accounts. But
>the bottleneck appears to have been saslauthd threads. Doubling the
>thread count from 5 to 10 has resolved the problem for now. (And,
If you're comfortable with caching, increase the -t value to saslauthd.
>On 09/16/2017 07:41 AM, Michael D. Sofka wrote:
>>The symptoms are that connections grow, and grow and grow until
>>authentication slows, holding open connections longer and longer.
>>It takes about 15 minutes for the connection number to be at a point
>>at which service is interrupted. Friday night at attempt was made
>>to re-enable off-campus IMAP, and the bots were still at it, service
>>was again disrupted.
>>Any other resources or limits in either Cyrus or Linux (Debian) that
>>I should look at?
https://debian-administration.org/article/187/Using_iptables_to_rate-limit_incoming_connections
--
Dan White
More information about the Info-cyrus
mailing list