Squirrelmaill Issue

SquirrelMail Issue:  One of our users was at the Login Page and tossed
something down on their desk that kept the Enter key on their keyboard
depressed. This caused the number of httpd processes on the server to
increase at a rapid rate until the max number of 8000 httpd sessions, as
set in httpd.conf, was reached causing the webpage to no longer be
available to any other users until restarting the httpd service. I am able
to reproduce the issue by holding down on the Enter key.

SquirrelMail Version: 1.4.19
Installed Plugins:
    1. administrator
    2. compatibility
    3. username
    4. compose_extras
    5. squirrelspell
    6. show_headers
    7. addgraphics
    8. msg_flags
    9. quicksave
    10. timeout_user
    11. unsafe_image_rules
PHP Version: 5.2.17
Web Server: Apache 2.2.17
IMAP server: Courier-IMAP 4.3.1
SMTP server: Qmail 1.0.3
OS Version: Red Hat Enterprise Linux 5.11
Installed By: Following qmailrocks.org instructions in 2009
Browser: Internet Explorer 11


Derek Wnek


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users

On Tue, 2 May 2017, [hidden email] wrote:

This sounds like a http ddos issue rather than a squirrelmail issue.
Since squirrelmail is a php application that depends on an http server to
serve data the place to limit connections is in the http layer itself.

Maybe you should look into something like mod_limitipconn to limit
requests per ip directly inside apache.

A quick google search on mod_limitipconn turns up plenty of how-tos.


Ted Hatfield

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users

Thanks Ted,  Unfortunately, our aquirrelmail servers are behind an F5 load balancer that proxies connections so all we see on the mail servers is the IP of the load balancer. As previously stated I can reproduce the exact same problem against our test server by simply clicking in the login field and then holding down on the Enter key. I am looking for a fix that would modify the login.php to only permit a one time submit (permit only 1 submit).  I am amazed that no one else has ever experienced or reported this prior to now.

r/Derek


   Ted Hatfield --- Re: [SM-USERS] Squirrelmaill Issue ---
    From:"Ted Hatfield" <[hidden email]>To:"Squirrelmail User Support Mailing List" <[hidden email]>Date:Tue, May 2, 2017 7:05 PMSubject:Re: [SM-USERS] Squirrelmaill Issue
 
    On Tue, 2 May 2017, [hidden email] wrote:>> SquirrelMail
Issue:  One of our users was at the Login Page and tossed> something
down on their desk that kept the Enter key on their keyboard>
depressed. This caused the number of httpd processes on the server to>
increase at a rapid rate until the max number of 8000 httpd sessions,
as> set in httpd.conf, was reached causing the webpage to no longer be>
available to any other users until restarting the httpd service. I am
able> to reproduce the issue by holding down on the Enter key.>>
SquirrelMail Version:    1.4.19> Installed Plugins:>    1.
administrator>    2. compatibility>    3. username>    4.
compose_extras>    5. squirrelspell>    6. show_headers>    7.
addgraphics>    8. msg_flags>    9. quicksave>    10. timeout_user>  
11. unsafe_image_rules> PHP Version:    5.2.17> Web Server:    Apache
2.2.17> IMAP server:    Courier-IMAP 4.3.1> SMTP server:    Qmail
1.0.3> OS Version:    Red Hat Enterprise Linux 5.11> Installed By:  
Following qmailrocks.org instructions in 2009> Browser:    Internet
Explorer 11>>> Derek Wnek>>>
------------------------------------------------------------------------------>
Check out the vibrant tech community on one of the world's most>
engaging tech sites, Slashdot.org!
https://urldefense.proofpoint.com/v2/url?u=http-3A__sdm.link_slashdot&d=DwICAg&c=DQOk1h9dvX0xRcNQHKPB9_znru-_VoQNelOZTdu4ac4&r=UwwnarvPwFmVFDZqPSanaR8z_zwbBD3CHVL0bDcwvYU&m=h9UCMKt_0lsrX9UP2u1uVIgt8OA5tS64Lt3mnmz7_1A&s=wBN8xIRHzXBdoLGqww2MlHqcF87unUm_31Df8Uh55tY&e=
> -----This sounds like a http ddos issue rather than a squirrelmail
issue. Since squirrelmail is a php application that depends on an http
server to serve data the place to limit connections is in the http
layer itself.Maybe you should look into something like mod_limitipconn
to limit requests per ip directly inside apache.A quick google search
on mod_limitipconn turns up plenty of how-tos.Ted
Hatfield------------------------------------------------------------------------------Check
out the vibrant tech community on one of the world's mostengaging tech
sites, Slashdot.org!
https://urldefense.proofpoint.com/v2/url?u=http-3A__sdm.link_slashdot&d=DwICAg&c=DQOk1h9dvX0xRcNQHKPB9_znru-_VoQNelOZTdu4ac4&r=UwwnarvPwFmVFDZqPSanaR8z_zwbBD3CHVL0bDcwvYU&m=h9UCMKt_0lsrX9UP2u1uVIgt8OA5tS64Lt3mnmz7_1A&s=wBN8xIRHzXBdoLGqww2MlHqcF87unUm_31Df8Uh55tY&e=
-----squirrelmail-users mailing listPosting guidelines:
https://urldefense.proofpoint.com/v2/url?u=http-3A__squirrelmail.org_postingguidelines&d=DwICAg&c=DQOk1h9dvX0xRcNQHKPB9_znru-_VoQNelOZTdu4ac4&r=UwwnarvPwFmVFDZqPSanaR8z_zwbBD3CHVL0bDcwvYU&m=h9UCMKt_0lsrX9UP2u1uVIgt8OA5tS64Lt3mnmz7_1A&s=2y7fSzj03Szoz3eturbVPcXp7sRON41B0e_cJcYLHN0&e=
List address: [hidden email] archives:
https://urldefense.proofpoint.com/v2/url?u=http-3A__news.gmane.org_gmane.mail.squirrelmail.user&d=DwICAg&c=DQOk1h9dvX0xRcNQHKPB9_znru-_VoQNelOZTdu4ac4&r=UwwnarvPwFmVFDZqPSanaR8z_zwbBD3CHVL0bDcwvYU&m=h9UCMKt_0lsrX9UP2u1uVIgt8OA5tS64Lt3mnmz7_1A&s=ynCMOhZvLKDy6pAgnEhl8jfiYkUqpFifkoGA1stEXSQ&e=
List info (subscribe/unsubscribe/change options):
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.sourceforge.net_lists_listinfo_squirrelmail-2Dusers&d=DwICAg&c=DQOk1h9dvX0xRcNQHKPB9_znru-_VoQNelOZTdu4ac4&r=UwwnarvPwFmVFDZqPSanaR8z_zwbBD3CHVL0bDcwvYU&m=h9UCMKt_0lsrX9UP2u1uVIgt8OA5tS64Lt3mnmz7_1A&s=Ht7q_L0iAdflQFyxuOuJsN6uAE203RrgKYtgJ7Zqe6A&e=
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users