maxproc limit exceeded with vpopmail

John S. Strock john at vqis.net
Fri May 20 15:35:53 PDT 2005


Sysctl kern.maxproc=6164

And in /etc/login.conf, under default:\, maxprox=unlimited
(and I don't have any other classes)

6164 seems like a lot, this server is a mail and samba server.  There are
only a couple of users.

Here's a little more background...This server was cracked into over the
weekend.  This is a FreeBSD 4.10 server and the cracker either guessed (many
brute force attempts documented in logs, but who doesn't get those) or it
was a previous employee.  It just so happens the cracker was able to get in
using an account of an employee who was just let go (we're currently
investigating and have reported this to police in case it WAS this
employee).  Using .history, we were able to see that he/she downloaded a
few files and tried to install them.  It *appears* the only thing they were
able to do was inject thousands (67gb worth) of the same e-mail into our
mail server.  This is how we first encountered the issue, users were
reporting problems with the server and the partition was maxed out.  During
this cleanup and discovery process, we discovered the error I originally
reported in /var/log/messages.  I'm *assuming* that since we've cleaned up
our system and our mail queue is back to normal, that these errors may have
existed prior to being cracked, but in case they may be related, above is
the additional information.

Any ideas?

Thanks again,

John

-----Original Message-----
From: mmiranda at americatel.com.sv [mailto:mmiranda at americatel.com.sv] 
Sent: Friday, May 20, 2005 2:38 PM
To: john at vqis.net; freebsd-questions at freebsd.org
Subject: RE: maxproc limit exceeded with vpopmail

owner-freebsd-questions at freebsd.org wrote:
> We keep getting the following error on the console every 2 minutes:
> 
> "May 20 13:30:45 mail /kernel: maxproc limit exceeded by uid 1111,
> please see tuning(7) and login.conf(5)."
> 
> Uid 1111 is vpopmail.  Any ideas?
> 

Increase maxproc limit?
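
An added example, not part of the thread: a small triage script that groups the kernel message quoted above by uid and reports how often and how regularly each uid hits the limit, which helps judge whether the errors predate the intrusion window. Only the first sample line comes from the thread; the other log lines, uid 1002, and the `summarize` helper are constructed for illustration.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Kernel message format as quoted in the thread.
PATTERN = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) /kernel: "
    r"maxproc limit exceeded by uid (?P<uid>\d+),"
)

# Constructed sample: line 1 is the message from the thread; the rest are
# made up to match the "every 2 minutes" description, plus unrelated noise.
SAMPLE_LOG = """\
May 20 13:30:45 mail /kernel: maxproc limit exceeded by uid 1111, please see tuning(7) and login.conf(5).
May 20 13:31:02 mail sshd[4021]: Failed password for illegal user test from 192.0.2.10 port 4411 ssh2
May 20 13:32:45 mail /kernel: maxproc limit exceeded by uid 1111, please see tuning(7) and login.conf(5).
May 20 13:34:45 mail /kernel: maxproc limit exceeded by uid 1111, please see tuning(7) and login.conf(5).
May 20 13:35:10 mail /kernel: maxproc limit exceeded by uid 1002, please see tuning(7) and login.conf(5).
"""

def summarize(log_text, year=2005, uid_names=None):
    """Group maxproc events by uid: count, first/last time, median gap (s)."""
    uid_names = uid_names or {}
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = PATTERN.match(line)
        if not m:
            continue  # skip unrelated syslog lines
        # syslog timestamps carry no year, so the caller supplies one
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events[int(m["uid"])].append(when)
    report = {}
    for uid, times in events.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[uid] = {
            "name": uid_names.get(uid, "?"),
            "count": len(times),
            "first": times[0],
            "last": times[-1],
            "median_gap_s": statistics.median(gaps) if gaps else None,
        }
    return report

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG, uid_names={1111: "vpopmail"})
    for uid, r in sorted(result.items()):
        print(uid, r["name"], r["count"], r["first"], r["last"], r["median_gap_s"])
```

Run against the real /var/log/messages and its rotated copies, the `first` timestamp per uid shows whether the errors began before or after the compromised login.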


