According to Avinash Sultanpur <[EMAIL PROTECTED]>:
> Hello Everybody,
>
> Sometime during the night (IST +0530) my server gets swamped by new
> SMTP connections and within no time (within a matter of a minute) I
> get warning messages in syslog which say "courieresmtpd: 30 maximum
> active connections". After this I see no activity at all, the server
> just freezes and I can't even log in.
>
> Sample log:
>
> Feb 22 00:36:56 mail courieresmtpd: started,ip=[::ffff:82.57.26.129]
> Feb 22 00:36:56 mail courieresmtpd: started,ip=[::ffff:201.254.94.70]
> Feb 22 00:36:56 mail courieresmtpd: started,ip=[::ffff:91.165.247.125]
> Feb 22 00:36:56 mail courieresmtpd: started,ip=[::ffff:59.144.40.9]
> Feb 22 00:36:56 mail courieresmtpd: started,ip=[::ffff:59.144.40.9]
> Feb 22 00:36:56 mail courieresmtpd: started,ip=[::ffff:122.168.4.201]
> Feb 22 00:36:56 mail courieresmtpd: started,ip=[::ffff:87.240.35.133]
> Feb 22 00:38:03 mail courieresmtpd: started,ip=[::ffff:91.165.247.125]
> Feb 22 00:39:04 mail courieresmtpd: started,ip=[::ffff:83.30.139.202]
> Feb 22 00:39:04 mail courieresmtpd: started,ip=[::ffff:122.168.4.201]
> Feb 22 00:39:04 mail courieresmtpd: 26 active connections.
> Feb 22 00:39:04 mail courieresmtpd: 30 maximum active connections.
> Feb 22 00:40:12 mail courieresmtpd: 30 maximum active connections.
> Feb 22 00:41:14 mail courieresmtpd: 30 maximum active connections.
> Feb 22 00:42:20 mail courieresmtpd: started,ip=[::ffff:213.140.19.112]
> Feb 22 00:42:20 mail courieresmtpd: started,ip=[::ffff:90.20.83.55]
>
> I had scheduled a cron job to log the load average and memory usage,
> and the load average stays well below 1 and no swapping happens. One
> more thing to note is that these connections are all from different
> IP addresses and most of them are dynamic. Some of these connections
> were rejected just minutes earlier due to listing in spamhaus but they
> never got rejected after exceeding the connections.
>
> After this stage (after exceeding the connections) there are no other
> logs in the syslog other than the "maximum active connections" warning
> by courieresmtpd. Only a reset brings back the server to a working
> condition. This happens repeatedly, night after night. I have tried
> varying the MAXDAEMON option, increased my RAM to 1GB, disabled
> filters (pythonfilter, clamcour), disabled DNS lookups but nothing has
> helped. Please help me solve this problem.
>
> I use debian with courier-mta version 0.53.3 and clamcour version
> 0.3.8, have enabled sbl-xbl.spamhaus.org look-ups.
>
> -Avinash.
>

It looks like a DDoS... Would spammers have become more aggressive than
they already were in the past?

What did you specify in esmtptimeout?

If no more connections are allowed, it means that connections are still
open. It could be interesting to sniff what these IPs are trying to do.

HTH.
Jerome

_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
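
One way to quantify what the sample log shows before sniffing the traffic, added here as an example and not part of either message: count connection starts per minute and per source IP, and list the minutes in which the limit warning was logged while no new connection started. It relies only on the courieresmtpd line formats visible in the post; the function name `summarize` and the "stalled minute" heuristic are assumptions of this example.

```python
import re
from collections import Counter

# Subset of the log lines quoted in the post above.
SAMPLE = """\
Feb 22 00:36:56 mail courieresmtpd: started,ip=[::ffff:82.57.26.129]
Feb 22 00:36:56 mail courieresmtpd: started,ip=[::ffff:59.144.40.9]
Feb 22 00:36:56 mail courieresmtpd: started,ip=[::ffff:59.144.40.9]
Feb 22 00:38:03 mail courieresmtpd: started,ip=[::ffff:91.165.247.125]
Feb 22 00:39:04 mail courieresmtpd: started,ip=[::ffff:122.168.4.201]
Feb 22 00:39:04 mail courieresmtpd: 26 active connections.
Feb 22 00:39:04 mail courieresmtpd: 30 maximum active connections.
Feb 22 00:40:12 mail courieresmtpd: 30 maximum active connections.
Feb 22 00:41:14 mail courieresmtpd: 30 maximum active connections.
Feb 22 00:42:20 mail courieresmtpd: started,ip=[::ffff:213.140.19.112]
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d):\d\d \S+ courieresmtpd: (.*)$")
START = re.compile(r"^started,ip=\[(?:::ffff:)?([^\]]+)\]")
LIMIT = re.compile(r"^(\d+) maximum active connections")

def summarize(text):
    """Per-minute connection starts, per-IP counts, and limit-hit minutes."""
    starts, per_ip, limit_minutes, limit = Counter(), Counter(), [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # not a courieresmtpd line
        minute, msg = m.groups()
        if (s := START.match(msg)):
            starts[minute] += 1
            per_ip[s.group(1)] += 1       # IPv4-mapped prefix already stripped
        elif (hit := LIMIT.match(msg)):
            limit = int(hit.group(1))
            limit_minutes.append(minute)
    # Limit logged and nothing new accepted: every slot stayed occupied.
    stalled = [m for m in limit_minutes if starts[m] == 0]
    return {
        "limit": limit,
        "starts_per_minute": dict(starts),
        "distinct_ips": len(per_ip),
        "repeat_ips": {ip: n for ip, n in per_ip.items() if n > 1},
        "first_limit_hit": limit_minutes[0] if limit_minutes else None,
        "stalled_minutes": stalled,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Run against the full syslog, a long run of stalled minutes with few repeat IPs matches the pattern in the reply: slots held open by many distinct hosts rather than one source reconnecting.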
