10-24-2013, 03:03 AM  #1
Member
Registered: Dec 2001
Location: Scotland
Distribution: Slackware 9.1-15 RH 6.2/7, RHEL 6.5 SuSE 8.2/11.1, Debian 10.5
Posts: 518
multiple pop3 connections and growing - help please
Hi there, as per subject, I'm noticing that over a short period of time the number of pop3 instances seems to be increasing and I'm at a loss as to how to prevent this or why it may be happening. Below is the o/p from a ps -ax, netstat, and a copy of my inetd.conf file.
ps -ax
Code:
PID TTY STAT TIME COMMAND
1 ? S 0:07 init [3]
2 ? SW 0:00 [keventd]
3 ? SWN 0:00 [ksoftirqd_CPU0]
4 ? SWN 0:00 [ksoftirqd_CPU1]
5 ? SW 0:20 [kswapd]
6 ? SW 0:00 [bdflush]
7 ? SW 0:33 [kupdated]
9 ? SW 0:00 [ahc_dv_0]
10 ? SW 0:00 [ahc_dv_1]
11 ? SW 0:00 [scsi_eh_1]
12 ? SW 0:00 [scsi_eh_2]
13 ? SW< 0:00 [mdrecoveryd]
14 ? SW 0:00 [kreiserfsd]
424 ? S 0:06 /usr/sbin/syslogd -r
427 ? S 0:00 /usr/sbin/klogd -c 3 -x
430 ? S 0:01 /usr/sbin/inetd
433 ? S 0:00 /usr/sbin/sshd
440 ? S 0:02 /usr/sbin/crond -l10
442 ? S 0:00 /usr/sbin/atd -b 15 -l 1
445 ? S 0:33 sendmail: accepting connections
448 ? S 0:00 sendmail: Queue runner@00:25:00 for /var/spool/clientmqueue
452 ? S 4:19 /usr/bin/spamd -c -d
468 ? S 0:00 /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --pid-file=/var/run/mysql/mysql.pid --skip-networking
498 ? S 12:22 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysql/mysql.pid --skip-locking --port=3306 --socket=/var/run/mysql/mysql.sock --skip-networking
504 ? S 0:18 /usr/sbin/httpd
506 ? S 0:00 /usr/sbin/gpm -m /dev/mouse -t ps2
524 ? S 0:12 /usr/bin/perl /usr/local/webmin/miniserv.pl /etc/webmin/miniserv.conf
529 ? S 13:21 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
547 tty1 S 0:00 /sbin/agetty 38400 tty1 linux
548 tty2 S 0:00 /sbin/agetty 38400 tty2 linux
549 tty3 S 0:00 /sbin/agetty 38400 tty3 linux
550 tty4 S 0:00 /sbin/agetty 38400 tty4 linux
551 tty5 S 0:00 /sbin/agetty 38400 tty5 linux
552 tty6 S 0:00 /sbin/agetty 38400 tty6 linux
2405 ? S 0:00 popa3d
3400 ? S 0:00 popa3d
3887 ? S 0:00 popa3d
4286 ? S 0:00 popa3d
6493 ? S 0:00 popa3d
7698 ? S 0:00 popa3d
9037 ? S 0:00 popa3d
9119 ? S 0:00 popa3d
9162 ? S 0:00 popa3d
9237 ? S 0:00 popa3d
9243 ? S 0:00 popa3d
9333 ? S 0:00 popa3d
9626 ? S 0:00 popa3d
9718 ? S 0:00 popa3d
14374 ? S 9:04 spamd child
16229 ? S 0:00 popa3d
16234 ? S 0:00 popa3d
20982 ? S 0:08 spamd child
25253 ? S 0:00 /usr/sbin/httpd
25254 ? S 0:00 /usr/sbin/httpd
25255 ? S 0:00 /usr/sbin/httpd
25256 ? S 0:00 /usr/sbin/httpd
25257 ? S 0:00 /usr/sbin/httpd
25259 ? S 0:00 /usr/sbin/httpd
25270 ? S 0:00 /usr/sbin/httpd
25308 ? S 0:00 /usr/sbin/httpd
25313 ? S 0:00 /usr/sbin/httpd
25314 ? S 0:00 /usr/sbin/httpd
25959 ? S 0:00 popa3d
25964 ? S 0:00 in.comsat
25969 ? S 0:00 sshd: plisken [priv]
25971 ? S 0:00 sshd: plisken@pts/0
25972 pts/0 S 0:00 -bash
25988 pts/0 R 0:00 ps -ax
netstat
Code:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:37458 localhost:smtp TIME_WAIT
tcp 0 0 server.mydomain.c:pop3 host213-121-4-193:39010 ESTABLISHED
tcp 0 0 server.mydomain.c:pop3 host213-121-4-193:37693 ESTABLISHED
tcp 0 52 server.mydomain.co:ssh host81-137-237-44:55103 ESTABLISHED
tcp 0 0 server.mydomain.c:pop3 200-170-193-170.st:4785 ESTABLISHED
tcp 0 0 server.mydomain.c:pop3 31.102.2.27:39280 ESTABLISHED
tcp 0 0 server.mydomain.c:pop3 200-170-193-170.st:4658 ESTABLISHED
tcp 0 0 server.mydomain.c:pop3 200-170-193-170.st:2163 ESTABLISHED
tcp 0 0 server.mydomain.c:pop3 host213-121-7-249:44218 ESTABLISHED
tcp 0 0 server.mydomain.c:pop3 host213-121-4-193:34780 ESTABLISHED
tcp 0 0 server.mydomain.c:pop3 200-170-193-170.st:3749 ESTABLISHED
tcp 0 0 server.mydomain.c:pop3 host213-121-4-193:34203 ESTABLISHED
tcp 0 0 server.mydomain.c:pop3 host213-121-4-193:47380 ESTABLISHED
tcp 0 0 server.mydomain.c:pop3 187-75-163-52.dsl:52617 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 19 [ ] DGRAM 476 /dev/log
unix 3 [ ] STREAM CONNECTED 118038
unix 3 [ ] STREAM CONNECTED 118037
unix 2 [ ] DGRAM 117964
unix 3 [ ] STREAM CONNECTED 96131
unix 3 [ ] STREAM CONNECTED 96130
unix 2 [ ] DGRAM 75583
unix 3 [ ] STREAM CONNECTED 67076
unix 3 [ ] STREAM CONNECTED 67075
unix 2 [ ] DGRAM 41961
unix 2 [ ] DGRAM 40720
unix 2 [ ] DGRAM 40417
unix 2 [ ] DGRAM 39971
unix 2 [ ] DGRAM 34233
unix 2 [ ] STREAM CONNECTED 29642
unix 2 [ ] DGRAM 28721
unix 2 [ ] DGRAM 18617
unix 2 [ ] DGRAM 16757
unix 2 [ ] DGRAM 14403
unix 2 [ ] DGRAM 9484
unix 2 [ ] DGRAM 629
unix 2 [ ] DGRAM 523
unix 2 [ ] DGRAM 517
unix 2 [ ] DGRAM 511
unix 2 [ ] DGRAM 480
inetd.conf
Code:
# See "man 8 inetd" for more information.
#
# If you make changes to this file, either reboot your machine or send the
# inetd a HUP signal:
# Do a "ps x" as root and look up the pid of inetd. Then do a
# "kill -HUP <pid of inetd>".
# The inetd will re-read this file whenever it gets that signal.
#
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
#
# The first 4 services are really only used for debugging purposes, so
# we comment them out since they can otherwise be used for some nasty
# denial-of-service attacks. If you need them, uncomment them.
# echo stream tcp nowait root internal
# echo dgram udp wait root internal
# discard stream tcp nowait root internal
# discard dgram udp wait root internal
# daytime stream tcp nowait root internal
# daytime dgram udp wait root internal
# chargen stream tcp nowait root internal
# chargen dgram udp wait root internal
time stream tcp nowait root internal
time dgram udp wait root internal
#
# These are standard services:
#
# File Transfer Protocol (FTP) server:
ftp stream tcp nowait root /usr/sbin/tcpd proftpd
#
# Telnet server:
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
#
# The comsat daemon notifies the user of new mail when biff is set to y:
comsat dgram udp wait root /usr/sbin/tcpd in.comsat
#
# Shell, login, exec and talk are BSD protocols
#
#shell stream tcp nowait root /usr/sbin/tcpd in.rshd -L
#login stream tcp nowait root /usr/sbin/tcpd in.rlogind
# exec stream tcp nowait root /usr/sbin/tcpd in.rexecd
# talk dgram udp wait root /usr/sbin/tcpd in.talkd
# ntalk dgram udp wait root /usr/sbin/tcpd in.talkd
#
# To use the talk daemons from KDE, comment the talk and ntalk lines above
# and uncomment the ones below:
# talk dgram udp wait root /usr/sbin/tcpd /opt/kde/bin/kotalkd
# ntalk dgram udp wait root /usr/sbin/tcpd /opt/kde/bin/ktalkd
#
# Kerberos authenticated services
#
# klogin stream tcp nowait root /usr/sbin/tcpd rlogind -k
# eklogin stream tcp nowait root /usr/sbin/tcpd rlogind -k -x
# kshell stream tcp nowait root /usr/sbin/tcpd rshd -k
#
# Services run ONLY on the Kerberos server
#
# krbupdate stream tcp nowait root /usr/sbin/tcpd registerd
# kpasswd stream tcp nowait root /usr/sbin/tcpd kpasswdd
#
# POP and IMAP mail servers
#
# Post Office Protocol version 3 (POP3) server:
## nowait/Max daemons/Max connections per IP per min.
#pop3 stream tcp nowait/10/3 root /usr/sbin/tcpd /usr/sbin/popa3d
pop3 stream tcp nowait/5/1/1 root /usr/sbin/tcpd /usr/sbin/popa3d
# Internet Message Access Protocol (IMAP) server:
#imap2 stream tcp nowait root /usr/sbin/tcpd imapd
#
# The Internet Unix to Unix copy (UUCP) service:
# uucp stream tcp nowait uucp /usr/sbin/tcpd /usr/lib/uucp/uucico -l
#
# Tftp service is provided primarily for booting. Most sites
# run this only on machines acting as "boot servers."
# tftp dgram udp wait nobody /usr/sbin/tcpd in.tftpd
# bootps dgram udp wait root /usr/sbin/bootpd bootpd
#
# Finger, systat and netstat give out user information which may be
# valuable to potential "system crackers." Many sites choose to disable
# some or all of these services to improve security.
# Try "telnet localhost systat" and "telnet localhost netstat" to see that
# information yourself!
# finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd -u
# systat stream tcp nowait nobody /usr/sbin/tcpd /bin/ps -auwwx
# netstat stream tcp nowait root /usr/sbin/tcpd /bin/netstat -a
#
# Ident service is used for net authentication
# Since we start identd as nobody, it can't write a .pid file in /var/run, so tell it
# to use /dev/null. This is of little importance unless you run identd as a
# standalone daemon anyway.
auth stream tcp wait nobody /usr/sbin/in.identd in.identd -P/dev/null
#
# These are to start Samba, an smb server that can export filesystems to
# Pathworks, Lanmanager for DOS, Windows for Workgroups, Windows95, Lanmanager
# for Windows, Lanmanager for OS/2, Windows NT, etc.
# If you're running smbd and nmbd as daemons in /etc/rc.d/rc.samba, then you
# shouldn't uncomment these lines.
#netbios-ssn stream tcp nowait root /usr/sbin/smbd smbd
#netbios-ns dgram udp wait root /usr/sbin/nmbd nmbd
#
#Samba Web Administration Tool:
#swat stream tcp nowait.400 root /usr/sbin/swat swat
#
# Sun-RPC based services.
# <service name/version><sock_type><rpc/prot><flags><user><server><args>
# rstatd/1-3 dgram rpc/udp wait root /usr/sbin/tcpd rpc.rstatd
# rusersd/2-3 dgram rpc/udp wait root /usr/sbin/tcpd rpc.rusersd
# walld/1 dgram rpc/udp wait root /usr/sbin/tcpd rpc.rwalld
#
# End of inetd.conf.
Under the pop3 entry, I've tried to reduce the number of spawns/instances as you can see but this is still happening as you can also see above.
Any help or pointers would be greatly appreciated.
Thanks in advance and apologies if in the wrong forum, but this is on a slack 9.1 machine

10-25-2013, 04:00 PM  #2
Member
Registered: Jun 2011
Location: Danbury, CT, USA
Distribution: Kubuntu, Slackware, Debian, FreePBX
Posts: 75
What's the intended purpose of this machine? Is this machine intended to be a mail server?
If not, you might want to set up a firewall to block incoming connections on ports used by pop3 (e.g. 110, 995) and disable external access.
In fact if this machine isn't intended to serve external connections just blocking all incoming connections might be best.
If all you want is to prevent popa3d from running you could use
to figure out where the actual file is, then use
but this is a temporary finger in the dam and a kludge at that.
Maybe I'm missing something or misunderstanding what you're asking for?

10-28-2013, 12:10 PM  #3
Member
Registered: Dec 2001
Location: Scotland
Distribution: Slackware 9.1-15 RH 6.2/7, RHEL 6.5 SuSE 8.2/11.1, Debian 10.5
Posts: 518
Original Poster
This has been serving web and mail for a number of years but lately I've noticed the number of instances of the pop3 daemon increase and wondered why.
I tried to limit it by the following line in inetd.conf but they still multiply.
Code:
pop3 stream tcp nowait/5/1/1 root /usr/sbin/tcpd /usr/sbin/popa3d

10-28-2013, 01:03 PM  #4
Member
Registered: Jun 2011
Location: Danbury, CT, USA
Distribution: Kubuntu, Slackware, Debian, FreePBX
Posts: 75
From my reading it looks like your max connections suffix isn't being honored... which means by default you could get up to 256 instances...
Did you reload inetd after changing the config file?

10-29-2013, 01:32 PM  #5
Member
Registered: Dec 2001
Location: Scotland
Distribution: Slackware 9.1-15 RH 6.2/7, RHEL 6.5 SuSE 8.2/11.1, Debian 10.5
Posts: 518
Original Poster
/etc/rc.d/rc.inetd restart and a reboot for good measure
Why would they be increasing in number though? Would it be an incomplete pop session? And if this is the case, surely this would terminate after some time?
Seriously bugging me

10-29-2013, 04:26 PM  #6
Member
Registered: Jun 2011
Location: Danbury, CT, USA
Distribution: Kubuntu, Slackware, Debian, FreePBX
Posts: 75
I'm under the impression that popa3d generates child processes to handle each connection. I get this impression from the -D switch in the man page:
Quote:
-D With this option set, popa3d will detach and become a daemon, accepting connections on the pop3 port and forking child processes to handle them. This has lower overhead than starting popa3d from inetd(8) and is thus useful on busy servers to reduce load.
I assume it would act similarly with inetd and just abide by inetd settings when running but there's not a lot of documentation on popa3d and I haven't had the time or inclination to look through the source.
The program not respecting your inetd limits confuses me, however. Is it possible it's running under both inetd and from rc scripts?

10-29-2013, 08:02 PM  #7
Member
Registered: Dec 2001
Location: Scotland
Distribution: Slackware 9.1-15 RH 6.2/7, RHEL 6.5 SuSE 8.2/11.1, Debian 10.5
Posts: 518
Original Poster
Quote:
Originally Posted by paladin.michael
is it possible it's running under both inetd and from rc scripts?
Interesting...
I'll look into this, with a slight sense of Déjà vu

11-02-2013, 02:32 PM  #8
Member
Registered: Dec 2001
Location: Scotland
Distribution: Slackware 9.1-15 RH 6.2/7, RHEL 6.5 SuSE 8.2/11.1, Debian 10.5
Posts: 518
Original Poster
Def only running from inetd, there are no references in the rc scripts.
I'm now thinking: is it possible that the connections are not being properly closed by certain clients? Though this still wouldn't explain why the limits from inetd.conf are being ignored.
Any other thoughts?
Thanks

11-03-2013, 04:15 PM  #9
Member
Registered: Jun 2011
Location: Danbury, CT, USA
Distribution: Kubuntu, Slackware, Debian, FreePBX
Posts: 75
After looking a little closer at your netstat output you actually only have 5 unique source I.P. addresses listed for pop3 connections, but there are a few that have multiple connections.
This email is enlightening as per managing some limiting when running popa3d in daemon mode rather than via inetd...
http://www.mail-archive.com/popa3d-u.../msg00080.html
Which might not be a bad idea if traffic on the server over time is climbing.
If you want to have a look at this mail archive, it's for the popa3d-users address, one page to view it is here:
http://www.mail-archive.com/popa3d-u....openwall.com/
There's some nice additional information in the various emails that I haven't found anywhere else and which might be useful. I'm still looking for anything which might be relevant to this specific issue, however.
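
Added example, not part of any post in this thread: a per-source tally of POP3 sessions, the count post #9 made by eye, run over the TCP lines of the netstat output posted in #1. The function names (`sample_netstat`, `pop3_by_source`, `pop3_over_limit`, `pop3_total`) are made up for this illustration.

```shell
# Added example: per-source summary of POP3 sessions from netstat text on stdin.

# Sample input: the TCP section of the netstat output posted in #1.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:37458 localhost:smtp TIME_WAIT
tcp 0 0 server.mydomain.c:pop3 host213-121-4-193:39010 ESTABLISHED
tcp 0 0 server.mydomain.c:pop3 host213-121-4-193:37693 ESTABLISHED
tcp 0 52 server.mydomain.co:ssh host81-137-237-44:55103 ESTABLISHED
tcp 0 0 server.mydomain.c:pop3 200-170-193-170.st:4785 ESTABLISHED
tcp 0 0 server.mydomain.c:pop3 31.102.2.27:39280 ESTABLISHED
tcp 0 0 server.mydomain.c:pop3 200-170-193-170.st:4658 ESTABLISHED
tcp 0 0 server.mydomain.c:pop3 200-170-193-170.st:2163 ESTABLISHED
tcp 0 0 server.mydomain.c:pop3 host213-121-7-249:44218 ESTABLISHED
tcp 0 0 server.mydomain.c:pop3 host213-121-4-193:34780 ESTABLISHED
tcp 0 0 server.mydomain.c:pop3 200-170-193-170.st:3749 ESTABLISHED
tcp 0 0 server.mydomain.c:pop3 host213-121-4-193:34203 ESTABLISHED
tcp 0 0 server.mydomain.c:pop3 host213-121-4-193:47380 ESTABLISHED
tcp 0 0 server.mydomain.c:pop3 187-75-163-52.dsl:52617 ESTABLISHED
EOF
}

# Print "count host" for each remote host with ESTABLISHED connections to the
# local pop3 port (service name "pop3" or numeric 110), busiest first.
pop3_by_source() {
    awk '
        $1 == "tcp" && $4 ~ /:(pop3|110)$/ && $6 == "ESTABLISHED" {
            host = $5
            sub(/:[^:]*$/, "", host)    # drop the remote port
            n[host]++
        }
        END { for (h in n) print n[h], h }
    ' | sort -k1,1nr -k2,2
}

# Print only the hosts holding more than $1 simultaneous sessions.
pop3_over_limit() {
    pop3_by_source | awk -v max="$1" '$1 + 0 > max + 0'
}

# Print the total number of established POP3 sessions.
pop3_total() {
    pop3_by_source | awk '{ s += $1 } END { print s + 0 }'
}

sample_netstat | pop3_by_source
```

On a live system, pipe `netstat -tn` into `pop3_by_source` instead of the sample; with `-n` the local port appears as `110`, which the filter also matches.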

11-10-2013, 12:21 PM  #10
Member
Registered: Dec 2001
Location: Scotland
Distribution: Slackware 9.1-15 RH 6.2/7, RHEL 6.5 SuSE 8.2/11.1, Debian 10.5
Posts: 518
Original Poster
Thanks, will definitely have a look!

All times are GMT -5.