[Info-vax] TCPIP Services IMAP and POP resource consumption

Stephen Hoffman seaohveh at hoffmanlabs.invalid
Sat Feb 6 11:08:34 EST 2016


On 2016-02-06 00:24:14 +0000, Rich Jordan said:

> But using TELNET to the POP server takes almost 60 seconds for the 
> banner to come back.  Enter USER USERNAME, and it's almost a minute 
> before you are told Password required.  QUIT responds in about 20 
> seconds.
> 
> So we're going to turn up logging, see if we can monitor things to find 
> out what the slowdown is.

I'd normally monitor locking traffic as contention on SYSUAF can cause 
what you are seeing here, but that everything else is working here 
implies that this is isolated to POP.

Look for spam activity.   Your description fits what malware can do 
when it discovers an open mail server.    Use tcpdump on the POP 
traffic, since it's utterly wide open, insecure, and unencrypted.

Had a VMS box "discovered" by some malware, and that VMS box was then 
used to blast out spam.   I'd briefly shut off the SMTP sending queues 
while troubleshooting that box, and the backlog that quickly piled up 
in the outgoing queues was quite impressive.

Moving to hosted mail or to a replacement server — a Mac Mini can do 
all of what this box is doing, and more easily and more securely — is 
likely the best path, as these folks are apparently doing.   
Present-day OpenVMS does not do this mail server job at all well, and 
this OpenVMS box is very old and very much down-revision.



-- 
Pure Personal Opinion | HoffmanLabs LLC 
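
One way to act on the tcpdump suggestion above, as an added example that is not part of the original post: a Python script that reads text output in the format current tcpdump prints with `-n -tt` for traffic to port 110 and reports sources opening POP connections at a high rate. The line format, addresses, window and threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed line format: "<epoch> IP <src>.<sport> > <dst>.110: Flags [<flags>], ..."
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"\d+\.\d+\.\d+\.\d+\.110: Flags \[(?P<flags>[^\]]+)\]"
)

def _line(ts, src, sport, flags="S"):
    """Build one constructed tcpdump-style line (sample data, not real traffic)."""
    return (f"{ts:.6f} IP {src}.{sport} > 192.0.2.10.110: "
            f"Flags [{flags}], seq 1, win 65535, length 0")

SAMPLE = "\n".join(
    # one source opening a new POP connection every 3 seconds
    [_line(1454774900 + 3 * i, "203.0.113.5", 40000 + i) for i in range(40)]
    # an ordinary mail client polling every 5 minutes
    + [_line(1454774900 + 300 * i, "198.51.100.7", 50000 + i) for i in range(3)]
    # a data packet on an established session: not a new connection
    + [_line(1454774901, "203.0.113.5", 40000, "P.")]
)

def summarize(text, window=60, threshold=5):
    """Return {src: (total_syns, peak_syns_in_window)} for noisy sources.

    A bare SYN ("S") marks a new connection attempt. A source is reported
    when it opens at least `threshold` connections within `window` seconds.
    """
    syns = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line)
        if m and m["flags"] == "S":
            syns[m["src"]].append(float(m["ts"]))
    report = {}
    for src, times in syns.items():
        times.sort()
        peak = start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            report[src] = (len(times), peak)
    return report

if __name__ == "__main__":
    for src, (total, peak) in summarize(SAMPLE).items():
        print(f"{src}: {total} connections, peak {peak} per 60 s")
```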



