 | Start a set with this search |
 | Include this search in one of my sets |
 | Exclude this search from one of my sets |
 | Permalink to these results Paste this link in email or IM: |
 | Atom feed for tracking future search results Paste this URL into your reader: |
8 messages in net.sourceforge.lists.courier-usersRe: [courier-users] Server hangup aft...| From | Sent On | Attachments |
|---|---|---|
| Avinash Sultanpur | Feb 22, 2007 10:19 pm | |
| jero...@free.fr | Feb 23, 2007 12:29 am | |
| Avinash Sultanpur | Feb 23, 2007 2:32 am | |
| Sam Varshavchik | Feb 23, 2007 3:59 am | |
| jero...@free.fr | Feb 23, 2007 7:08 am | |
| Gordon Messmer | Feb 23, 2007 8:29 am | |
| Jérôme Blion | Feb 23, 2007 12:29 pm | |
| Gordon Messmer | Feb 23, 2007 1:07 pm |
| Permalink for this message Paste this link in email or IM: |
| Permalink for this thread Paste this link in email or IM: |
| Atom feed for this thread Paste this URL into your reader: |
| Subject: | Re: [courier-users] Server hangup after exceeding maximum active connections | Actions... |
|---|---|---|
| From: | jero...@free.fr (jero...@free.fr) | |
| Date: | Feb 23, 2007 12:29:07 am | |
| List: | net.sourceforge.lists.courier-users | |
Selon Avinash Sultanpur <avin...@sultanpur.org>:
Hello Everybody,
Sometime during the night (IST +0530) my server gets swamped by new SMTP connections and within no time (within a matter of a minute) I get warning messages in syslog which says "corieresmtpd: 30 maximum active connections". After this I see no activity at all, the server just freezes and I can't even log in.
Sample log:
Feb 22 00:36:56 mail courieresmtpd: started,ip=[::ffff:82.57.26.129] Feb 22 00:36:56 mail courieresmtpd: started,ip=[::ffff:201.254.94.70] Feb 22 00:36:56 mail courieresmtpd: started,ip=[::ffff:91.165.247.125] Feb 22 00:36:56 mail courieresmtpd: started,ip=[::ffff:59.144.40.9] Feb 22 00:36:56 mail courieresmtpd: started,ip=[::ffff:59.144.40.9] Feb 22 00:36:56 mail courieresmtpd: started,ip=[::ffff:122.168.4.201] Feb 22 00:36:56 mail courieresmtpd: started,ip=[::ffff:87.240.35.133] Feb 22 00:38:03 mail courieresmtpd: started,ip=[::ffff:91.165.247.125] Feb 22 00:39:04 mail courieresmtpd: started,ip=[::ffff:83.30.139.202] Feb 22 00:39:04 mail courieresmtpd: started,ip=[::ffff:122.168.4.201] Feb 22 00:39:04 mail courieresmtpd: 26 active connections. Feb 22 00:39:04 mail courieresmtpd: 30 maximum active connections. Feb 22 00:40:12 mail courieresmtpd: 30 maximum active connections. Feb 22 00:41:14 mail courieresmtpd: 30 maximum active connections. Feb 22 00:42:20 mail courieresmtpd: started,ip=[::ffff:213.140.19.112] Feb 22 00:42:20 mail courieresmtpd: started,ip=[::ffff:90.20.83.55]
I had scheduled a cron job to log the load average and memory usage, and the load average stays well below 1 and no swapping happens. One more thing to note is that these connections are all from a different IP address and most of them are dynamic. Some of these connections were rejected just minutes earlier due to listing in spamhaus but they never got rejected after exceeding the connections.
After this stage (after exceeding the connections) there is no other logs in the syslog other than the "maximum active connections" warning by courieresmtpd. Only a reset brings back the server to a working condition. This happens repeatedly, night after night. I have tried varying the MAXDAEMON option, increased my RAM to 1GB, disabled filters (pythonfilter, clamcour), disabled DNS lookups but nothing has helped. Please help me solve this problem.
I use debian with courier-mta version 0.53.3 and clamcour version 0.3.8, have enabled sbl-xbl.spamhaus.org look-ups.
-Avinash.
It looks like a DDoS... Spammers would become more aggressive than they already were in the past?
What did you specify in esmtptimeout ?
If no more connections are allowed, it means that connections are still opened.
It could be interesting to snif what these IP are trying to do.
HTH. Jerome