On Tue, 2011-06-14 at 21:34 +0200, Egbert Jan van den Bussche wrote:
> Hi,
> Sometimes a script kiddie tries to guess passwords on our mailserver (Ubuntu 10.04.2 LTS, postfix, dovecot 1.2.9, scanners, the standard stuff). That leads to a Nagios message about the high number of processes. The number goes above 500.

What processes are they?

> Nagios threshold is set to 250, which is more than enough for normal operation of this server. When are these processes supposed to die again? They seem to stay at the high count quite long.
> Is there a way to limit the generation of extra login processes? Can I tune the login_process... params a bit? I have them all on default.

With defaults you shouldn't get more than 128 login processes, so I don't know why they would go to 500. http://wiki.dovecot.org/LoginProcess anyway may be helpful.