[BlueOnyx:23811] Re: Sendmail processes problem

Michael Stauber mstauber at blueonyx.it
Thu Apr 30 15:33:18 -05 2020


Hi Michael,

> I have a BO server with APF, Geo-IP, AV-Spam and Fail2Ban that is
> displaying a problem with what appear to be hung up Sendmail processes.
>
> When I look at the running processes I have tons (30 or more) of
> Sendmail children that look like “sendmail: server [185.50.149.xx] cmd
> read” They will be thirty min old or older and just sit there and never die.

Yeah, that's Fail2ban in action. It detected something fishy coming from
that IP and then dropped a rule that prevents further access.

However, Sendmail has some absurd timeouts, so it keeps its end of the
connection open for a bloody long time.

I have not found a good solution for this yet. If it becomes a bother,
then you might want to tweak the Fail2ban settings a little to prevent
this from happening.

For that edit /etc/fail2ban/filter.d/sendmail-reject.conf and find this
section in it:

# Parameter "mode": normal (default), extra or aggressive
# Usage example (for jail.local):
#   [sendmail-reject]
#   filter = sendmail-reject[mode=extra]
#
mode = extra

See the "mode = extra"? Change it to this:

mode = normal

Then save the changes and restart Fail2ban:

systemctl restart fail2ban

That reduces the sensitivity of Fail2ban back to somewhat more lenient
Sendmail rules. You might still spot the occasional "hung" Sendmail
client process afterwards, but their number and frequency will be
considerably reduced.

-- 
With best regards

Michael Stauber
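
Added example, not part of the original message: a shell helper that groups Sendmail children stuck in "cmd read" by client IP, so the addresses can be compared with what Fail2ban has banned. The function names, the 1800-second threshold (the thirty minutes from the report) and the sample `ps` lines are constructed; it assumes a `ps` that supports the `etimes` column.

```shell
#!/bin/sh
# Report Sendmail children that have been waiting in "cmd read" for at
# least MIN seconds, grouped by client IP.
# Input on stdin: one process per line as "PID ELAPSED_SECONDS ARGS".
# Output: "IP COUNT OLDEST_SECONDS", one line per IP, sorted.
stale_sendmail() {
    awk -v min="$1" '
        $3 == "sendmail:" && $4 == "server" && /cmd read[ \t]*$/ && $2 + 0 >= min {
            i = index($0, "[")
            j = index($0, "]")
            if (i > 0 && j > i) {
                ip = substr($0, i + 1, j - i - 1)
                count[ip]++
                if ($2 + 0 > oldest[ip]) oldest[ip] = $2 + 0
            }
        }
        END { for (ip in count) printf "%s %d %d\n", ip, count[ip], oldest[ip] }
    ' | sort
}

# Constructed sample of `ps -eo pid=,etimes=,args=` output
# (documentation addresses, not taken from the thread).
sample_ps() {
    cat <<'EOF'
 1201   4210 sendmail: accepting connections
 2210   2100 sendmail: server [192.0.2.10] cmd read
 2211   1950 sendmail: server [192.0.2.10] cmd read
 2215     40 sendmail: server [198.51.100.7] cmd read
 2300   3600 sendmail: server mail.example.net [203.0.113.5] cmd read
 2301   9000 /usr/sbin/httpd -DFOREGROUND
EOF
}

# Demo on the constructed sample. On a live server run instead:
#   ps -eo pid=,etimes=,args= | stale_sendmail 1800
sample_ps | stale_sendmail 1800
```

Comparing the count before and after the change to "mode = normal" shows whether the number of lingering children actually dropped.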


