Djamu
19th May 2011, 17:33
This is an old issue that still isn't resolved on Debian & derivatives (others?)
maybe someone should include it in the howtos.
issue:
saslauthd's memory usage starts to climb handling invalid authentication requests, eventually eating all your server memory ( & swap ).
this is in fact a very serious issue, as it facilitates (D)DOS attacks by someone sending lots of crap auth. requests until the OOM process killer kicks in.
there's an easy workaround by changing /etc/default/saslauthd
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
to
OPTIONS="-n 0 -c -m /var/spool/postfix/var/run/saslauthd -r"
adding "-n 0" effectively prevents the saslauthd daemon from using thread processes by using forks instead.
( on 1 of my servers it used up 8GB and 16GB swap.... which was freed up instantaneously upon changing the config and invoking /etc/init.d/saslauthd restart )
if anybody has a better solution.. feel free to post
my 5 cents
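
Added example, not part of the post above: a script that applies the "-n 0" change described there idempotently, also covering a file that already sets a different -n value. The function names saslauthd_n_value and apply_n0 are hypothetical, and it assumes the defaults file contains one double-quoted OPTIONS="..." line.

```shell
#!/bin/sh
# Added example: apply the post's "-n 0" workaround to a saslauthd defaults file.
# Assumption: the file holds one double-quoted line of the form OPTIONS="...".

# Print the current -n value from the OPTIONS line (nothing if -n is absent).
saslauthd_n_value() {
    awk '/^OPTIONS=/ {
        gsub(/^OPTIONS="|"[ \t]*$/, "")
        n = split($0, a, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            if (a[i] == "-n" && i < n) { print a[i + 1]; exit }
            if (a[i] ~ /^-n[0-9]+$/)   { print substr(a[i], 3); exit }
        }
    }' "$1"
}

# Set -n to 0, keeping a .bak copy. Prints "changed" or "unchanged".
apply_n0() {
    conf=$1
    grep -q '^OPTIONS="' "$conf" || { echo "no OPTIONS line in $conf" >&2; return 1; }
    current=$(saslauthd_n_value "$conf")
    [ "$current" = 0 ] && { echo "unchanged"; return 0; }
    cp -p "$conf" "$conf.bak"
    if [ -z "$current" ]; then
        # No -n flag yet: prepend "-n 0", as in the post.
        sed 's/^OPTIONS="/OPTIONS="-n 0 /' "$conf.bak" > "$conf"
    else
        # Another worker count is set: rewrite it to 0.
        sed '/^OPTIONS=/ s/\(["[:space:]]\)-n[[:space:]]*[0-9][0-9]*/\1-n 0/' \
            "$conf.bak" > "$conf"
    fi
    echo "changed"
}

# Demo on a constructed copy of the line quoted in the post, not the live file.
demo=$(mktemp)
printf '%s\n' 'OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"' > "$demo"
apply_n0 "$demo"
grep '^OPTIONS=' "$demo"
rm -f "$demo" "$demo.bak"
```

On a real system the function would be pointed at /etc/default/saslauthd, followed by the /etc/init.d/saslauthd restart mentioned in the post.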