Downtime investigated

I have investigated why the server went down today morning. Apparently, the server was a victim to a dictionary spam attack. I didn’t have any limits configured for Exim and that resulted in load avereages exceeding 60. Gucho went extremely busy another couple of times during the course of the day, but now it should be OK. I have set a few load average related limits and added few domains into the blacklist. I have also upgraded Exim to a newer version (4.40), so I hope it will run for awhile now.

# Do not do any deliveries if load average is greater that this value
queue_only_load = 12
# Do not run runq if load average is greater than this value
deliver_queue_load_max = 14
# Do not accept any SMTP sessions (except for hosts in smtp_reserve_hosts) if
# load average is greater than this value
smtp_load_reserve = 20

If anyone has any other suggestions, let me know via comments.

Leave a Comment