[Info-vax] TCPIP tying up system
Jan-Erik Soderholm
jan-erik.soderholm at telia.com
Sat Nov 27 17:02:23 EST 2010
On 2010-11-27 22:49, Phillip Helbig---undress to reply wrote:
> In article
> <df8efd36-a970-4f0f-9088-946d762cfbd3 at l32g2000yqc.googlegroups.com>, H
> Vlems<hvlems at freenet.de> writes:
>
>> Try ACC/since=<date>/type=logfail that might tell you whether the
>> system was under attack.
>
> Nothing. Without /SINCE, I get just 3 entries from several years ago.
>
> I'm pretty sure that whatever it was didn't get as far as a login
> attempt, or even tried to log in (e.g. a flood of email spam).
>
And if you do "$ SHOW ACCOUNTING", you do have
"LOGIN_FAILURE" in the list of enabled activities ?
> ...(e.g. a flood of email spam)
If you do "$ tcpip show service smtp/full", what does
"Peak: nn" say ?
Changing/lowering "Limit:" might at least prevent your
system to lock up.
Do you have any "TCPIP-W-SMTP_xxxxx" messages in OPERATOR.LOG ?
Sauch as :
> %TCPIP-W-SMTP_NOSPAMRLY, Rejected relay to <wazm01 at sohu.com>
from client IP address 121.13.54.130 as suspected SPAM
More information about the Info-vax
mailing list