[Info-vax] TCPIP tying up system
Henry Crun
mike at rechtman.com
Sun Nov 28 12:16:35 EST 2010
On 28/11/10 12:57, Phillip Helbig---undress to reply wrote:
> In article<icrv79$ned$1 at news.albasani.net>, Jan-Erik Soderholm
> <jan-erik.soderholm at telia.com> writes:
>
>> And if you do "$ SHOW ACCOUNTING", you do have
>> "LOGIN_FAILURE" in the list of enabled activities ?
>
> Yes.
>
>> If you do "$ tcpip show service smtp/full", what does
>> "Peak: nn" say ?
>
> 10
>
>> Changing/lowering "Limit:" might at least prevent your
>> system to lock up.
>
> Limit is also 10.
>
>> Do you have any "TCPIP-W-SMTP_xxxxx" messages in OPERATOR.LOG ?
>> Sauch as :
>>
>> > %TCPIP-W-SMTP_NOSPAMRLY, Rejected relay to<wazm01 at sohu.com>
>> from client IP address 121.13.54.130 as suspected SPAM
>
> Yes, but all seem to be of the form
>
> TCPIP-W-SMTP_CLNTINRBL, client IP address 122.161.124.151 matched RBL list
>
> I suspect it was SSH and not TCPIP which was causing the problem.
>
If it was SSH, and on the assumption that you are using HP TCP/IP Services for
OpenVMS, edit SYS$SYSDEVICE:[TCPIP$SSH.SSH2]SSHD2_CONFIG. [*} and start locking
down your system.
1) set MaxConnections to a lower (single-digit) value
2) set LoginGraceTime to less than one minute
3) set AllowHosts to whatever hosts you want to allow in
4) set AllowUsers to a *few non-privileged users*
I'm sure there are lots more, but start with those.
OTOH for SMTP:
edit SYS$SPECIFIC:[TCPIP$SMTP]SMTP.CONFIG; [*]
and add the line:
RBLs: zen.spamhaus.org
to cut out a lot of spam.
[*]Note: These are the default file locations. YMMV.
--
Mike R.
Home: http://alpha.mike-r.com/
QOTD: http://alpha.mike-r.com/php/qotd.php
No Micro$oft products were used in the URLs above, or in preparing this message.
Recommended reading: http://www.catb.org/~esr/faqs/smart-questions.html#before
More information about the Info-vax
mailing list