hi ya
On Tue, Jul 28, 2015 at 11:35:31PM -0400, Chris Ross wrote:
On Jul 28, 2015, at 21:52 , Steffan Cline steffan@hldns.com wrote:
Ok, I think I have come a little further.
When dovecot stops accepting connections, I checked netstat and found this:
[root@hosting1 ~]# netstat -an | grep 993
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
tcp 0 0 65.39.x.x:993 184.101.x.x:36351 SYN_RECV
tcp 0 0 65.39.x.x:993 107.212.x.x:51487 SYN_RECV
tcp 0 0 65.39.x.x:993 107.212.x.x:51488 SYN_RECV
tcp 0 0 65.39.x.x:993 184.101.x.x:44650 SYN_RECV
are you sure these are legitimate incoming imaps connections from those 107.212.x.x IP# addresses ??
they could just be probing your server for vulnerability before attacking what ports are used or not ... etc etc..
the fact that dovecot replies to telnet localhost 993 is a good thing, that imaps "should work" ...
you can also go one step further and check the certs belong to you:
outsidePC# openssl s_client -connect imaps.your-domain.com:993
if it is your own real connection attempts from your customers/employee, you might have a problem, that requires more info ...
if you do NOT recognize those IP#, don't worry, except that you do need to add imaps and pop3s into /etc/hosts.allow to allow legit connections and all other script kiddies should be dropped. similarly, your firewall should be configured to tarpit un-authorized new tcp connections to port 993
This told me it wasn't too many connections causing dovecot to be unresponsive. So then I tried via telnet.
Dovecot seems to accept connections but then just sits there and does nothing. I used the appropriate commands to try and initiate a login but nothing happens. Typing any commands at all produces no response from dovecot.
Actually, I think the above shows that it's not a dovecot problem. A socket in a SYN_RECV state means that a connection request has merely been received from the network. That means your kernel has not finished establishing the TCP connection, so dovecot (or the application level in general) is likely not even involved yet. I would suspect some sort of firewall config on your host, or perhaps some sort of overload at the network stack level. But, the latter only if the server were very heavily loaded.
ditto
I hope this feedback is helpful.
pixie dust alvin
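
Added example, not part of the original message or of dovecot: a shell function that tallies TCP socket states for one local port from `netstat -an` output and lists which remote addresses hold SYN_RECV entries, the distinction the thread relies on. The function names, the sample input and its documentation-range addresses are constructed for illustration.

```shell
#!/bin/sh
# Reads `netstat -an` text on stdin and summarises sockets whose LOCAL port
# equals $1. Unlike `grep 993`, this does not match remote ports such as 50993.
summarize_port() {
    port="$1"
    awk -v port="$port" '
        $1 ~ /^tcp/ && NF >= 6 {
            n = split($4, l, ":")          # local address; port is the last piece
            if (l[n] != port) next
            states[$6]++
            if ($6 == "SYN_RECV") {        # handshake not completed by the kernel
                host = $5
                sub(/:[^:]*$/, "", host)   # drop the remote port
                half[host]++
            }
        }
        END {
            for (s in states) print "state", s, states[s]
            for (h in half)   print "syn_recv_from", h, half[h]
        }
    ' | LC_ALL=C sort
}

# Constructed sample shaped like the netstat output quoted in the thread.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
tcp 0 0 192.0.2.10:993 198.51.100.7:36351 SYN_RECV
tcp 0 0 192.0.2.10:993 203.0.113.20:51487 SYN_RECV
tcp 0 0 192.0.2.10:993 203.0.113.20:51488 SYN_RECV
tcp 0 0 192.0.2.10:993 198.51.100.7:44650 SYN_RECV
tcp 0 0 192.0.2.10:993 198.51.100.9:40112 ESTABLISHED
tcp 0 0 192.0.2.10:143 198.51.100.7:50993 ESTABLISHED
EOF
}

# On a live host: netstat -an | summarize_port 993
sample_netstat | summarize_port 993
```

Many SYN_RECV rows with few or no ESTABLISHED rows point at the handshake (firewall or network stack) rather than at the IMAP service itself.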