Hey all..

On one of my older servers I noticed CPU usage going up, and very high RAM usage, starting at the end of May. For the last several days, these have been high.

As I started digging I see named-unamed is generating most of the usage. I can literally watch the /var/log/messages file scroll by, with dozens of lame server messages every couple seconds.

I thought a spammer was trying to use the system, made sure I didn't have an open relay, etc. and all seems OK.

Mail logs don't show anything unusual.... but I see this in WHM mail delivery stats:

Top 50 host destinations by message count

10319 47MB local
811 2957KB mail.customerdomain.com
17 356KB mx01.mail.bellsouth.net
11 225KB mx00.mail.bellsouth.net
9 56KB mx2.hotmail.com

Notice the local number.... awfully high.

It appears I have a "dictionary" style spam attack on one of my domains as well. I am getting thousands of messages like

[email protected]
[email protected]
[email protected]
[email protected]
[email protected]

which are all getting sent to :blackhole:

But I am not sure what to do to stop the high resource usage.... is it due to the "dictionary" attack?

Or is someone trying to spam through my server?

Or is this due to recursive lookups? etc.

Can anyone point me the right direction to start?

Thanks in advance.


I'm seeing something familiar, just someone is sending an email about Rolexes getting bounce backs, but I can't seem to find any records that match within the exim logs.