You might want to see if you are the target of dictionary attacks. This was happening to my Imail server before I put IMGate in front of it, because it was under constant load from dictionary attacks. After IMGate, it runs smooth.
I was experiencing a spike in SMTPD32 memory usage as well. I was running 8.05HF3. I upgraded to 815HF1. Same problem. I checked my logs. We were under dictionary attack from the 207.224.5x.0 subnets. I blocked several class C's and all is fine now.
"check the logs"
Check for "SMTPD CONNECT" lines/hour, as most Imail versions simply cannot handle large volumes without going flaky, is one reason many IMail exasperated admins are pushed to implement IMGate.
The threshold volume isn't fixed. It's probably a function of how stressed the machine is.
E:\tmp>egrep -ic "^..:.. 00.*smtpd.*connect" sys0624.txt 8720
... is the qty for the hour "00". repeat for hours 00 - 23
To get a report of volume of connects per IP, reverse sorted by qty of connects, wraps:
egrep -i "smtpd.*connect" sys0624.txt | gawk "{print $6}" | unixsort -nf | uniq -ic | unixsort -rnf | less
... to see which individual IPs are attacking.
To get a report of volume of connects per IP, sorted by IP, wraps:
egrep -i "smtpd.*connect" sys0624.txt | gawk "{print $6}" | unixsort -nf | uniq -ic | unixsort -rnf | less
... which facilitates identifying Class C's to block.
If you have huge Imail logs, searching the log file can get very expensive later in the 24-hours, so search the imail log once with a criteria like 13:00 hour, redirect the output to text file that you can then process for other per-hour reports much faster than the imail log file.
Of course, if you run IMGate, your Imail logs shrink often by well over 75%. :)
Len
_____________________________________________________________________ http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
