To reprise my earlier thread -- but armed with information!
The problem is spam. We are using an ACL to "deny" connections from dictionary attackers. Unfortunately, they are just responding by hitting our server harder than ever -- resulting in a "denial of service" attack.
In the minutes before the last "freeze" of the server we had 92 exim processes running, including five defunct processes.
The output of the last "top" command run by cron before the freeze revealed:
The situation was verified by saved output from netstat, which showed nearly all those connections were in a "CLOSE_WAIT" state.
I am not yet prepared to capitulate to the spammers. We are now trying to "drop" the connections instead of just denying them. Hopefully this solves the problem.
If someone has some more ideas, please let me know.
The problem is spam. We are using an ACL to "deny" connections from dictionary attackers. Unfortunately, they are just responding by hitting our server harder than ever -- resulting in a "denial of service" attack.
In the minutes before the last "freeze" of the server we had 92 exim processes running, including five defunct processes.
The output of the last "top" command run by cron before the freeze revealed:
Code:
top - 21:46:12 up 23:02, 0 users, load average: 145.58, 139.13, 112.89
Tasks: 253 total, 5 running, 243 sleeping, 0 stopped, 5 zombie
Cpu(s): 7.9% us, 0.9% sy, 0.0% ni, 87.6% id, 3.5% wa, 0.0% hi, 0.0% si
Mem: 517164k total, 513556k used, 3608k free, 780k buffers
Swap: 1048312k total, 1048304k used, 8k free, 6196k cachedThe situation was verified by saved output from netstat, which showed nearly all those connections were in a "CLOSE_WAIT" state.
I am not yet prepared to capitulate to the spammers. We are now trying to "drop" the connections instead of just denying them. Hopefully this solves the problem.
If someone has some more ideas, please let me know.
