>Sorry it took so long to respond.. Since I am the owner and tech support I >stay pretty busy.. > >I tried to install pflogsumm but ran into errors in both the pflogsumm and >Calc-Date compilation.
perl -MCPAN -e 'install Date::Calc' >My SMTP processes were both over 50 so I increased the setting in master.cf >to 100. After restarting, my processes were just over 100 so I set them >again to 300 and after restarting they never got over 126. ok, that problem is fixed, you have enough SMTPD processes to allow valid senders to be serviced. BUT!!! more that a couple dozen SMTPD processes indicates a very busy server and/or one under serious attack, or maybe a config pb (like osirus going tits up) >I finally turned off the IMGate machine last night because most mail is >delayed by several hours while other mail never arrives. the delays were due to exhaustion of the SMTPD processes, at which point incoming calls from other servers are not answered, so they defer delivery, and defer, and defer.... but with SMTPD at 300, that exhaustion problem is fixed. >This has been going on for a few days and my customers are not happy... You are not the first to have such a problem. The defenses are well known and effective immediately. You will have to start harvesting attacking ip's from 1) the rejected maillog lines and 2) from the "smtpd.* connect from" lines and add them to nulrouting (easiest but not the best technically) or to firewall blocking (sometimes not available). These tactics will cause postfix to see a huge drop in SMTPD calls and your server will be able to function normally. you also want to set in main.cf: smtpd_hard_error_limit = 2 smtpd_soft_error_limit = 2 This will cause postfix to hang up on attackers at the 3rd error, rather than play RFC-nice with them. Len
