Bad logins bogging down server

Dan White dwhite at
Tue Sep 19 10:12:47 EDT 2017

On 09/19/17 09:52 -0400, Michael Sofka wrote:
>The botnet is still hammering away, checking those old accounts.  But 
>the bottleneck appears to have been saslauthd threads.  Doubling the 
>thread count from 5 to 10 has resolved the problem for now.  (And, 

If you're comfortable with caching, increase the -t value to saslauthd.

>On 09/16/2017 07:41 AM, Michael D. Sofka wrote:
>>The symptoms are that connections grow, and grow and grow until 
>>authentication slows, holding open connections longer and longer.  
>>It takes about 15 minutes for the connection number to be at a point 
>>at which service is interrupted.  Friday night at attempt was made 
>>to re-enable off-campus IMAP, and the bots were still at it, service 
>>was again disrupted.

>>Any other resources or limits in either Cyrus or Linux (Debian) that 
>>I should look at?

Dan White

More information about the Info-cyrus mailing list