Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 20 May 2005 15:35:51 -0700
From:      "John S. Strock" <john@vqis.net>
To:        <mmiranda@americatel.com.sv>, <freebsd-questions@freebsd.org>
Subject:   RE: maxproc limit exceeded with vpopmail
Message-ID:  <20050520223553.576F743D1D@mx1.FreeBSD.org>
In-Reply-To: <76E0DAA32C39D711B6EC0002B364A6FA045A9FCC@amsal01exc01.americatel.com.sv>
next in thread | previous in thread | raw e-mail | index | archive | help 

Sysctl kern.maxproc=6164

And in /etc/login.conf, under default:\, maxprox=unlimited
(and I don't have any other classes)

6164 seems like a lot, this server is a mail and samba server.  There are
only a couple of users.

Here's a little more background...This server was cracked into over the
weekend.  This is a FreeBSD 4.10 server and the cracker either guessed (many
brute force attempts documented in logs, but who doesn't get those) or it
was a previous employee.  It just so happens the cracker was able to get in
using an account of an employee who was just let go (we're currently
investigating and have reported this to police in case it WAS this
employee).  Using .history, we were able to see that the he/she downloaded a
few files and tried to install them.  It *appears* the only thing they were
able to do was inject thousands (67gb worth) of the same e-mail into our
mail server.  This is how we first encountered the issue, users were
reporting problems with the server and the partition was maxed out.  During
this cleanup and discovery process, we discovered the error I originally
reported in /var/log/messages.  I'm *assuming* that since we've cleaned up
our system and our mail queue is back to normal, that these errors may have
existed prior to being cracked, but in case they may be related, above is
the additional information.

Any ideas?

Thanks again,

John

-----Original Message-----
From: mmiranda@americatel.com.sv [mailto:mmiranda@americatel.com.sv] 
Sent: Friday, May 20, 2005 2:38 PM
To: john@vqis.net; freebsd-questions@freebsd.org
Subject: RE: maxproc limit exceeded with vpopmail

owner-freebsd-questions@freebsd.org wrote:
> We keep getting the following error on the console every 2 minutes:
> 
> 
> 
> "May 20 13:30:45 mail /kernel: maxproc limit exceeded by uid 1111,
> please see tuning(7) and login.conf(5)."
> 
> 
> 
> Uid 1111 is vpopmail.  Any ideas?
> 

Increase maxproc limit?

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050520223553.576F743D1D>