[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Pop Server dying
- Subject: Re: [cobalt-users] Pop Server dying
- From: Larry Smith <lesmith@xxxxxxxxx>
- Date: Thu Mar 14 14:22:19 2002
- Organization: ECSIS.NET
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Skeeve,
INRE [cobalt-users] Pop Server dying:
> I have a problem where the pop server run out of Inetd is dying
> frequently...
> from /var/log/messages
> pop-3/tcp server failing (looping), service terminated
> This is causing a great deal of trouble....
> I have put a cronjob to restart inetd every 15 minutes... but this thing is
> dying even faster than that... every 2-3 minutes sometimes... and each time
> it dies the fones go mad...
>
> Any advice on how to fix this?
Sounds like either you have a customer or host that is "bombing" your pop3
port. Check the logs for which host/IP is hitting the pop3 port just prior
to the "shut-down". If it is an actual "attack" you should find loads and
loads of connections to port 110 (pop3/qpopper) prior to the shut-down.
Pretty much all Linux kernels are designed so that if a particular process
(particularly those controlled by inetd/xinetd) receives more that 300 or so
connect requests in a minute it will shut down the service "believing"
something to be wrong (which in most cases is correct).
You can "increase" this "shutdown" value by modifying the inetd.conf file
such as:
>pop-3 stream tcp nowait:400 root /usr/sbin/tcpd in.qpopper -R
Note the ":400" (colon 400) after the nowait clause. This will tell it to
"service" 400 requests per minute before shutting down. Please be careful
and adjust this number only after checking all other variables and such (such
as the logs to see if you are actually being attacked/probed) and only adjust
in small increments. A very large number here can bring your server to its
knees or worse, down.
Larry Smith
SysAd ECSIS.NET
sysad@xxxxxxxxx