I run IMAP4rev1 2007a.403 on RHEL 5, from xinetd. I find imapd processes running under uid root that hang around indefinitely and gradually accumulate on the mail server. netstat shows that these are connected to known client addresses, and this is verified by log records showing the initial connections that spawned these processes from known, legitimate clients.
I have seen on a few occassions that these root-owned daemons accumulate to the point of maxing xinetd limits, either the total processes limit, or the per_source limit. In the case I recently investigated most (but not all) of these daemons were started up from one particular client address, and the user at that address was reporting a thunderbird message about "too many connections". Ten root-owned imapd processes were found to be connected to her comcast ip address, (ten being or xinetd per_source limit) and the log records showed some activity in the middle of the previous night from that thunderbird client, first some autologout messages, and then a series of connections every 10 minutes. I asked the user and she told me that she leaves her computer on at night, but she was not working on it at that time. I don't know of anything unusual in that user's setup. As far as I understand this problem, the client initiates an SSL connection, but for some reason the initialization does not complete. The newly spawned daemon hangs before it changes uid, and just hangs around indefinitely. I can locate records in our mail log for these connections and I see the message: "imaps SSL service init from xxx.xxx.xxx.xxx", but not the authentication message which normally follows. Can anybody offer an explanation? Thanks Richard Ketcham U.W. Dept. of Chemstry _______________________________________________ Imap-uw mailing list Imap-uw@u.washington.edu http://mailman2.u.washington.edu/mailman/listinfo/imap-uw
