multiple pop3 connetions and growning - help please
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
multiple pop3 connetions and growning - help please
Hi there, as per subject, I'm noticing that over a short period of time the number of pop3 instances seems to be increasing and I'm at a loss as to how toi prevent this or why it may be happening. Below is the o/p from a ps -ax netstat and a copy of my inetd.conf file
ps -ax
Code:
PID TTY STAT TIME COMMAND
1 ? S 0:07 init [3]
2 ? SW 0:00 [keventd]
3 ? SWN 0:00 [ksoftirqd_CPU0]
4 ? SWN 0:00 [ksoftirqd_CPU1]
5 ? SW 0:20 [kswapd]
6 ? SW 0:00 [bdflush]
7 ? SW 0:33 [kupdated]
9 ? SW 0:00 [ahc_dv_0]
10 ? SW 0:00 [ahc_dv_1]
11 ? SW 0:00 [scsi_eh_1]
12 ? SW 0:00 [scsi_eh_2]
13 ? SW< 0:00 [mdrecoveryd]
14 ? SW 0:00 [kreiserfsd]
424 ? S 0:06 /usr/sbin/syslogd -r
427 ? S 0:00 /usr/sbin/klogd -c 3 -x
430 ? S 0:01 /usr/sbin/inetd
433 ? S 0:00 /usr/sbin/sshd
440 ? S 0:02 /usr/sbin/crond -l10
442 ? S 0:00 /usr/sbin/atd -b 15 -l 1
445 ? S 0:33 sendmail: accepting connections
448 ? S 0:00 sendmail: Queue runner@00:25:00 for /var/spool/clientmqueue
452 ? S 4:19 /usr/bin/spamd -c -d
468 ? S 0:00 /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --pid-file=/var/run/mysql/mysql.pid --skip-networking
498 ? S 12:22 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysql/mysql.pid --skip-locking --port=3306 --socket=/var/run/mysql/mysql.sock --skip-networking
504 ? S 0:18 /usr/sbin/httpd
506 ? S 0:00 /usr/sbin/gpm -m /dev/mouse -t ps2
524 ? S 0:12 /usr/bin/perl /usr/local/webmin/miniserv.pl /etc/webmin/miniserv.conf
529 ? S 13:21 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
547 tty1 S 0:00 /sbin/agetty 38400 tty1 linux
548 tty2 S 0:00 /sbin/agetty 38400 tty2 linux
549 tty3 S 0:00 /sbin/agetty 38400 tty3 linux
550 tty4 S 0:00 /sbin/agetty 38400 tty4 linux
551 tty5 S 0:00 /sbin/agetty 38400 tty5 linux
552 tty6 S 0:00 /sbin/agetty 38400 tty6 linux
2405 ? S 0:00 popa3d
3400 ? S 0:00 popa3d
3887 ? S 0:00 popa3d
4286 ? S 0:00 popa3d
6493 ? S 0:00 popa3d
7698 ? S 0:00 popa3d
9037 ? S 0:00 popa3d
9119 ? S 0:00 popa3d
9162 ? S 0:00 popa3d
9237 ? S 0:00 popa3d
9243 ? S 0:00 popa3d
9333 ? S 0:00 popa3d
9626 ? S 0:00 popa3d
9718 ? S 0:00 popa3d
14374 ? S 9:04 spamd child
16229 ? S 0:00 popa3d
16234 ? S 0:00 popa3d
20982 ? S 0:08 spamd child
25253 ? S 0:00 /usr/sbin/httpd
25254 ? S 0:00 /usr/sbin/httpd
25255 ? S 0:00 /usr/sbin/httpd
25256 ? S 0:00 /usr/sbin/httpd
25257 ? S 0:00 /usr/sbin/httpd
25259 ? S 0:00 /usr/sbin/httpd
25270 ? S 0:00 /usr/sbin/httpd
25308 ? S 0:00 /usr/sbin/httpd
25313 ? S 0:00 /usr/sbin/httpd
25314 ? S 0:00 /usr/sbin/httpd
25959 ? S 0:00 popa3d
25964 ? S 0:00 in.comsat
25969 ? S 0:00 sshd: plisken [priv]
25971 ? S 0:00 sshd: plisken@pts/0
25972 pts/0 S 0:00 -bash
25988 pts/0 R 0:00 ps -ax
# See "man 8 inetd" for more information.
#
# If you make changes to this file, either reboot your machine or send the # inetd a HUP signal:
# Do a "ps x" as root and look up the pid of inetd. Then do a # "kill -HUP <pid of inetd>".
# The inetd will re-read this file whenever it gets that signal.
#
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args> # # The first 4 services are really only used for debugging purposes, so # we comment them out since they can otherwise be used for some nasty # denial-of-service attacks. If you need them, uncomment them.
# echo stream tcp nowait root internal
# echo dgram udp wait root internal
# discard stream tcp nowait root internal
# discard dgram udp wait root internal
# daytime stream tcp nowait root internal
# daytime dgram udp wait root internal
# chargen stream tcp nowait root internal
# chargen dgram udp wait root internal
time stream tcp nowait root internal
time dgram udp wait root internal
#
# These are standard services:
#
# File Transfer Protocol (FTP) server:
ftp stream tcp nowait root /usr/sbin/tcpd proftpd
#
# Telnet server:
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
#
# The comsat daemon notifies the user of new mail when biff is set to y:
comsat dgram udp wait root /usr/sbin/tcpd in.comsat
#
# Shell, login, exec and talk are BSD protocols #
#shell stream tcp nowait root /usr/sbin/tcpd in.rshd -L
#login stream tcp nowait root /usr/sbin/tcpd in.rlogind
# exec stream tcp nowait root /usr/sbin/tcpd in.rexecd
# talk dgram udp wait root /usr/sbin/tcpd in.talkd
# ntalk dgram udp wait root /usr/sbin/tcpd in.talkd
#
# To use the talk daemons from KDE, comment the talk and ntalk lines above # and uncomment the ones below:
# talk dgram udp wait root /usr/sbin/tcpd /opt/kde/bin/kotalkd
# ntalk dgram udp wait root /usr/sbin/tcpd /opt/kde/bin/ktalkd
#
# Kerberos authenticated services
#
# klogin stream tcp nowait root /usr/sbin/tcpd rlogind -k
# eklogin stream tcp nowait root /usr/sbin/tcpd rlogind -k -x
# kshell stream tcp nowait root /usr/sbin/tcpd rshd -k
#
# Services run ONLY on the Kerberos server #
# krbupdate stream tcp nowait root /usr/sbin/tcpd registerd
# kpasswd stream tcp nowait root /usr/sbin/tcpd kpasswdd
#
# POP and IMAP mail servers
#
# Post Office Protocol version 3 (POP3) server:
## nowait/Max daemons/Max connections per IP per min.
#pop3 stream tcp nowait/10/3 root /usr/sbin/tcpd /usr/sbin/popa3d
pop3 stream tcp nowait/5/1/1 root /usr/sbin/tcpd /usr/sbin/popa3d
# Internet Message Access Protocol (IMAP) server:
#imap2 stream tcp nowait root /usr/sbin/tcpd imapd
#
# The Internet Unix to Unix copy (UUCP) service:
# uucp stream tcp nowait uucp /usr/sbin/tcpd /usr/lib/uucp/uucico -l
#
# Tftp service is provided primarily for booting. Most sites # run this only on machines acting as "boot servers."
# tftp dgram udp wait nobody /usr/sbin/tcpd in.tftpd
# bootps dgram udp wait root /usr/sbin/bootpd bootpd
#
# Finger, systat and netstat give out user information which may be # valuable to potential "system crackers." Many sites choose to disable # some or all of these services to improve security.
# Try "telnet localhost systat" and "telnet localhost netstat" to see that # information yourself!
# finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd -u
# systat stream tcp nowait nobody /usr/sbin/tcpd /bin/ps -auwwx
# netstat stream tcp nowait root /usr/sbin/tcpd /bin/netstat -a
#
# Ident service is used for net authentication # Since we start identd as nobody, it can't write a .pid file in /var/run, so tell it # to use /dev/null. This is of little importance unless you run identd as a # standalone daemon anyway.
auth stream tcp wait nobody /usr/sbin/in.identd in.identd -P/dev/null
#
# These are to start Samba, an smb server that can export filesystems to # Pathworks, Lanmanager for DOS, Windows for Workgroups, Windows95, Lanmanager # for Windows, Lanmanager for OS/2, Windows NT, etc.
# If you're running smbd and nmbd as daemons in /etc/rc.d/rc.samba, then you # shouldn't uncomment these lines.
#netbios-ssn stream tcp nowait root /usr/sbin/smbd smbd
#netbios-ns dgram udp wait root /usr/sbin/nmbd nmbd
#
#Samba Web Administration Tool:
#swat stream tcp nowait.400 root /usr/sbin/swat swat
#
# Sun-RPC based services.
# <service name/version><sock_type><rpc/prot><flags><user><server><args>
# rstatd/1-3 dgram rpc/udp wait root /usr/sbin/tcpd rpc.rstatd
# rusersd/2-3 dgram rpc/udp wait root /usr/sbin/tcpd rpc.rusersd
# walld/1 dgram rpc/udp wait root /usr/sbin/tcpd rpc.rwalld
#
# End of inetd.conf.
Under the pop3 entry, I've tried to reduce the number of spawns/instances as you can see but this is still happening as you can also see above.
Any help or pointers would be greatly appreciated.
Thanks in advance and apologies if in the wrong forum, but this is on a slack 9.1 machine
From my reading it looks like your max connections suffix isn't being honored... which means by default you could get up to 256 instances...
did you reload inetd after changing the config file?
/etc/rc.d/rc.inetd restart and a reboot for good measure
Why would they be increasing in number though, would it be an incomplete pop session? and if this is the case, surly this would terminate after some time?
I'm under the impression that popa3d generates child processes to handle each connection. I get this impression from the -D switch in the man page:
Quote:
-D With this option set, popa3d will detach and become a daemon, ac-
cepting connections on the pop3 port and forking child processes
to handle them. This has lower overhead than starting popa3d from
inetd(8) and is thus useful on busy servers to reduce load.
I assume it would act similarly with inetd and just abide by inetd settings when running but there's not a lot of documentation on popa3d and I haven't had the time or inclination to look through the source.
The program not respecting your inetd limits confuses me, however, is it possible it's running under both inetd and from rc scripts?.
Def only running from itend, there are no references in the rc scripts.
I'm now thinking that is it possible that the connections are not being properly closed by certain clients? Though this still wouldnt explain why the limits from inetd.conf are being ignored.
After looking a little closer at your netstat output you actually only have 5 unique source I.P. addresses listed for pop3 connections, but there are a few that have multiple connections.
There's some nice additional information in the various emails that I haven't found anywhere else and which might be useful. I'm still looking for anything which might be relevant to this specific issue, however.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.