Greetings,
On Fri, 12 Apr 2024 09:01:32 +0200,
[email protected] wrote:
>
> This looks like clients hogging connections and not releasing them, or a leak
> within a filter.
>
> - what do you see with the `fstat` command when the issue happens ?
> - do you see unusual traffic in your logs and/or `netstat` ?
> - any local script gone wrong in your `ps` output ?
> - and more importantly what's your configuration file like ?
>
Unfortunately I've restarted both mail servers, and I can't answer your
questions other than by providing a config.
I've double checked it right now, and for 9 hours it hasn't had any unusual
issue.
Anyway, I've noticed an issue in hours, like 20.
> Give more details please
I'll try to give everything that I can. If you need more, feel free to ask.
1. smtpd.conf
I've removed srs keys and comments, and shortened the list of used DNSBL:
pki mx.catap.net cert "/etc/ssl/mx.catap.net.crt"
pki mx.catap.net key "/etc/ssl/private/mx.catap.net.key"
table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
table credentials passwd:/etc/mail/credentials
queue ttl 7d
bounce warn-interval 1h, 1d, 3d, 6d
admd mx.catap.net
smtp max-message-size 100M
listen on socket
action "local_mail" mbox alias <aliases>
match from local for local action "local_mail"
filter admdscrub proc-exec "filter-admdscrub -s"
filter "auth" proc-exec "filter-auth"
filter dnsbl proc-exec "filter-dnsbl -m \
all.s5h.net \
-w list.dnswl.org \
zen.spamhaus.org \
bl.local \
-w wl.local "
listen on egress inet4 port smtp tls pki mx.catap.net \
filter { admdscrub, "auth", dnsbl }
action deliver_lmtp lmtp "/var/dovecot/lmtp" rcpt-to virtual <aliases>
match from any for domain <domains> action deliver_lmtp
filter dkimsign_rsa proc-exec "filter-dkimsign -a rsa-sha1 -D /etc/mail/domains \
-s 20240125_rsa -k /etc/mail/dkim/20240125.rsa.key" user _dkimsign group _dkimsign
filter dkimsign_ed25519 proc-exec "filter-dkimsign -a ed25519-sha256 -D /etc/mail/domains \
-s 20240125_ed25519 -k /etc/mail/dkim/20240125.ed25519.key" user _dkimsign group _dkimsign
filter dkimsign chain { dkimsign_rsa }
listen on egress port smtps \
smtps pki mx.catap.net auth <credentials> mask-src filter dkimsign
listen on egress port submission \
tls-require pki mx.catap.net auth <credentials> mask-src filter dkimsign
action "outbound" relay srs
match from any auth for any action "outbound"
2. filters
Almost all the filters used are forks with minimal changes; I plan to backport
it as soon as it is stable enough. Anyway, the code is available here:
- https://github.com/catap/opensmtpd-filter-dkimsign
- https://github.com/catap/opensmtpd-filter-dnsbl
- https://github.com/catap/opensmtpd-filter-admdscrub
Plus I use a filter which implements SPF and DKIM verification in one call, which
is a good candidate to be the source of the leak, because before this error
message there was a warning of a missed SPF domain from it. So, the source is here
https://github.com/catap/opensmtpd-filter-auth
3. Output of fstat | grep smtpd:
_smtpd filter-dnsbl 72770 text / 50153232 -rwxr-xr-x r 13864
_smtpd filter-dnsbl 72770 wd / 2 drwxr-xr-x r 512
_smtpd filter-dnsbl 72770 0* unix stream 0x0
_smtpd filter-dnsbl 72770 1* unix stream 0x0
_smtpd filter-dnsbl 72770 2* unix stream 0x0
_smtpd filter-dnsbl 72770 3 kqueue 0x0 0 state: W
_smtpd filter-auth 57529 text / 50161556 -rwxr-xr-x r 91888
_smtpd filter-auth 57529 wd / 2 drwxr-xr-x r 512
_smtpd filter-auth 57529 0* unix stream 0x0
_smtpd filter-auth 57529 1* unix stream 0x0
_smtpd filter-auth 57529 2* unix stream 0x0
_smtpd filter-auth 57529 3 kqueue 0x0 0 state: W
_smtpd filter-admdscrub 67397 text / 50153229 -rwxr-xr-x r 25688
_smtpd filter-admdscrub 67397 wd / 2 drwxr-xr-x r 512
_smtpd filter-admdscrub 67397 0* unix stream 0x0
_smtpd filter-admdscrub 67397 1* unix stream 0x0
_smtpd filter-admdscrub 67397 2* unix stream 0x0
_smtpd filter-admdscrub 67397 3 kqueue 0x0 0 state: W
_smtpd table-passwd 44437 text / 50153223 -rwxr-xr-x r 45000
_smtpd table-passwd 44437 wd / 2 drwxr-xr-x r 512
_smtpd table-passwd 44437 0* unix stream 0x0
_smtpd table-passwd 44437 1 / 3875217 crw-rw-rw- rw null
_smtpd table-passwd 44437 2 / 3875217 crw-rw-rw- rw null
_smtpd smtpd 16336 text / 50051231 -r-xr-xr-x r 532008
_smtpd smtpd 16336 wd / 2 drwxr-xr-x r 512
_smtpd smtpd 16336 0* unix stream 0x0
_smtpd smtpd 16336 1* unix stream 0x0
_smtpd smtpd 16336 2* unix stream 0x0
_dkimsig smtpd 94392 text / 50051231 -r-xr-xr-x r 532008
_dkimsig smtpd 94392 wd / 2 drwxr-xr-x r 512
_dkimsig smtpd 94392 0* unix stream 0x0
_dkimsig smtpd 94392 1* unix stream 0x0
_dkimsig smtpd 94392 2* unix stream 0x0
_dkimsig smtpd 34446 text / 50051231 -r-xr-xr-x r 532008
_dkimsig smtpd 34446 wd / 2 drwxr-xr-x r 512
_dkimsig smtpd 34446 0* unix stream 0x0
_dkimsig smtpd 34446 1* unix stream 0x0
_dkimsig smtpd 34446 2* unix stream 0x0
_smtpd smtpd 20966 text / 50051231 -r-xr-xr-x r 532008
_smtpd smtpd 20966 wd / 2 drwxr-xr-x r 512
_smtpd smtpd 20966 0* unix stream 0x0
_smtpd smtpd 20966 1* unix stream 0x0
_smtpd smtpd 20966 2* unix stream 0x0
_smtpd smtpd 83350 text / 50051231 -r-xr-xr-x r 532008
_smtpd smtpd 83350 wd / 2 drwxr-xr-x r 512
_smtpd smtpd 83350 0* unix stream 0x0
_smtpd smtpd 83350 1* unix stream 0x0
_smtpd smtpd 83350 2* unix stream 0x0
_smtpd smtpd 13249 text / 50051231 -r-xr-xr-x r 532008
_smtpd smtpd 13249 wd / 53608468 drwxr-xr-x r 512
_smtpd smtpd 13249 root / 53608468 drwxr-xr-x r 512
_smtpd smtpd 13249 0 / 3875217 crw-rw-rw- rw null
_smtpd smtpd 13249 1 / 3875217 crw-rw-rw- rw null
_smtpd smtpd 13249 2 / 3875217 crw-rw-rw- rw null
_smtpd smtpd 13249 3* unix stream 0x0
_smtpd smtpd 13249 4* unix stream 0x0
_smtpd smtpd 13249 5* unix stream 0x0
_smtpd smtpd 13249 6 kqueue 0x0 0 state: W
_smtpq smtpd 47452 text / 50051231 -r-xr-xr-x r 532008
_smtpq smtpd 47452 wd / 53608491 drwx--x--x r 512
_smtpq smtpd 47452 root / 53608491 drwx--x--x r 512
_smtpq smtpd 47452 0 / 3875217 crw-rw-rw- rw null
_smtpq smtpd 47452 1 / 3875217 crw-rw-rw- rw null
_smtpq smtpd 47452 2 / 3875217 crw-rw-rw- rw null
_smtpq smtpd 47452 3* unix stream 0x0
_smtpq smtpd 47452 4* unix stream 0x0
_smtpq smtpd 47452 5* unix stream 0x0
_smtpq smtpd 47452 6* unix stream 0x0
_smtpq smtpd 47452 7* unix stream 0x0
_smtpq smtpd 47452 8 kqueue 0x0 0 state: W
_smtpd smtpd 1577 text / 50051231 -r-xr-xr-x r 532008
_smtpd smtpd 1577 wd / 53608468 drwxr-xr-x r 512
_smtpd smtpd 1577 root / 53608468 drwxr-xr-x r 512
_smtpd smtpd 1577 0 / 3875217 crw-rw-rw- rw null
_smtpd smtpd 1577 1 / 3875217 crw-rw-rw- rw null
_smtpd smtpd 1577 2 / 3875217 crw-rw-rw- rw null
_smtpd smtpd 1577 3* unix stream 0x0
_smtpd smtpd 1577 4* unix stream 0x0
_smtpd smtpd 1577 5* unix stream 0x0
_smtpd smtpd 1577 6* unix stream 0x0
_smtpd smtpd 1577 7* unix stream 0x0
_smtpd smtpd 1577 8* internet stream tcp 0x0 162.55.82.72:25
_smtpd smtpd 1577 9* internet stream tcp 0x0 162.55.82.72:465
_smtpd smtpd 1577 10* internet stream tcp 0x0 162.55.82.72:587
_smtpd smtpd 1577 11 kqueue 0x0 0 state: W
_smtpd smtpd 1577 12* internet stream tcp 0x0 *:0
_smtpd smtpd 1577 14* internet stream tcp 0x0 162.55.82.72:25 <-- 196.47.128.166:5180
_smtpd smtpd 1577 15* internet stream tcp 0x0 162.55.82.72:465 <-- 194.169.175.17:33440
_smtpd smtpd 1577 16* internet stream tcp 0x0 162.55.82.72:465 <-- 194.169.175.17:40772
_smtpd smtpd 32872 text / 50051231 -r-xr-xr-x r 532008
_smtpd smtpd 32872 wd / 2 drwxr-xr-x r 512
_smtpd smtpd 32872 0 / 3875217 crw-rw-rw- rw null
_smtpd smtpd 32872 1 / 3875217 crw-rw-rw- rw null
_smtpd smtpd 32872 2 / 3875217 crw-rw-rw- rw null
_smtpd smtpd 32872 3* unix stream 0x0
_smtpd smtpd 32872 4* unix stream 0x0
_smtpd smtpd 32872 5* unix stream 0x0
_smtpd smtpd 32872 6* unix stream 0x0
_smtpd smtpd 32872 7 kqueue 0x0 0 state: W
_smtpd smtpd 32872 8* unix stream 0x0
_smtpd smtpd 32872 9* unix stream 0x0
_smtpd smtpd 32872 10* unix stream 0x0
_smtpd smtpd 32872 11* unix stream 0x0
_smtpd smtpd 32872 12* unix stream 0x0
_smtpd smtpd 32872 13* unix stream 0x0
_smtpd smtpd 32872 14* unix stream 0x0
_smtpd smtpd 32872 15* unix stream 0x0
_smtpd smtpd 32872 16* unix stream 0x0
_smtpd smtpd 32872 17* unix stream 0x0
_smtpd smtpd 32872 18* unix stream 0x0
_smtpd smtpd 69134 text / 50051231 -r-xr-xr-x r 532008
_smtpd smtpd 69134 wd / 53608468 drwxr-xr-x r 512
_smtpd smtpd 69134 root / 53608468 drwxr-xr-x r 512
_smtpd smtpd 69134 0 / 3875217 crw-rw-rw- rw null
_smtpd smtpd 69134 1 / 3875217 crw-rw-rw- rw null
_smtpd smtpd 69134 2 / 3875217 crw-rw-rw- rw null
_smtpd smtpd 69134 3* unix stream 0x0
_smtpd smtpd 69134 4* unix stream 0x0
_smtpd smtpd 69134 5* unix stream 0x0
_smtpd smtpd 69134 6* unix stream 0x0
_smtpd smtpd 69134 7* unix stream 0x0
_smtpd smtpd 69134 8* unix stream 0x0
_smtpd smtpd 69134 9* unix stream 0x0 /var/run/smtpd.sock
_smtpd smtpd 69134 10 kqueue 0x0 0 state: W
_smtpd smtpd 69134 11* unix stream 0x0 /var/run/smtpd.sock
_smtpd smtpd 5802 text / 50051231 -r-xr-xr-x r 532008
_smtpd smtpd 5802 wd / 53608468 drwxr-xr-x r 512
_smtpd smtpd 5802 root / 53608468 drwxr-xr-x r 512
_smtpd smtpd 5802 0 / 3875217 crw-rw-rw- rw null
_smtpd smtpd 5802 1 / 3875217 crw-rw-rw- rw null
_smtpd smtpd 5802 2 / 3875217 crw-rw-rw- rw null
_smtpd smtpd 5802 3* unix stream 0x0
_smtpd smtpd 5802 4* unix stream 0x0
_smtpd smtpd 5802 5* unix stream 0x0
_smtpd smtpd 5802 6 kqueue 0x0 0 state: W
root smtpd 33685 text / 50051231 -r-xr-xr-x r 532008
root smtpd 33685 wd / 2 drwxr-xr-x r 512
root smtpd 33685 0 / 3875217 crw-rw-rw- rw null
root smtpd 33685 1 / 3875217 crw-rw-rw- rw null
root smtpd 33685 2 / 3875217 crw-rw-rw- rw null
root smtpd 33685 3 kqueue 0x0 0 state: W
root smtpd 33685 4* unix stream 0x0
root smtpd 33685 5* unix stream 0x0
root smtpd 33685 6* unix stream 0x0
root smtpd 33685 7* unix stream 0x0
root smtpd 33685 8* unix stream 0x0
root smtpd 33685 9* unix stream 0x0
4. additional things
Machine runs a dovecot and local DNSBL which contains a zone which is
created by scripts from here https://github.com/catap/harvest-white-black-DNSBL
These scripts run a few times per hour.
Thus, this is quite a small setup which contains two servers for a dozen
users and about 1k-2k emails per day.
So, here is the output of zgrep smtpd /var/log/maillog.0.gz | tail -n 50
mx1:
Apr 10 23:31:57 mx1 smtpd[84358]: 6ccf08015a391f74 smtp authentication [email protected] result=permfail
Apr 10 23:31:58 mx1 smtpd[84358]: 6ccf08015a391f74 smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed"
Apr 10 23:31:58 mx1 smtpd[84358]: 6ccf08015a391f74 smtp disconnected reason=disconnect
Apr 10 23:31:59 mx1 smtpd[84358]: 6ccf0800b58ca58c smtp disconnected reason=disconnect
Apr 10 23:32:01 mx1 smtpd[84358]: 6ccf08020453d470 smtp connected address=94.204.65.31 host=<unknown>
Apr 10 23:32:02 mx1 smtpd[84358]: 6ccf08020453d470 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
Apr 10 23:32:07 mx1 smtpd[84358]: 6ccf08020453d470 smtp authentication user=kirill result=permfail
Apr 10 23:32:08 mx1 smtpd[84358]: 6ccf08020453d470 smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed"
Apr 10 23:32:09 mx1 smtpd[84358]: 6ccf08030d5e5785 smtp connected address=157.90.134.25 host=www1.wmdd.de
Apr 10 23:32:09 mx1 smtpd[84358]: 6ccf08020453d470 smtp disconnected reason=disconnect
Apr 10 23:32:10 mx1 smtpd[84358]: 6ccf08030d5e5785 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
Apr 10 23:32:10 mx1 smtpd[69523]: auth: 6ccf08030d5e5785 spf_record_new:
Apr 10 23:32:23 mx1 smtpd[84358]: 6ccf080432179b7a smtp connected address=194.169.175.10 host=<unknown>
Apr 10 23:32:35 mx1 smtpd[84358]: 6ccf080432179b7a smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
Apr 10 23:33:04 mx1 smtpd[84358]: 6ccf080432179b7a smtp authentication [email protected] result=permfail
Apr 10 23:33:05 mx1 smtpd[84358]: 6ccf080432179b7a smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed"
Apr 10 23:33:09 mx1 smtpd[84358]: 6ccf080432179b7a smtp disconnected reason=disconnect
Apr 10 23:33:29 mx1 smtpd[84358]: 6ccf0805d4222851 smtp connected address=194.169.175.10 host=<unknown>
Apr 10 23:33:43 mx1 smtpd[84358]: 6ccf0805d4222851 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
Apr 10 23:34:17 mx1 smtpd[84358]: 6ccf0805d4222851 smtp authentication [email protected] result=permfail
Apr 10 23:34:17 mx1 smtpd[84358]: 6ccf0805d4222851 smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed"
Apr 10 23:34:23 mx1 smtpd[84358]: 6ccf0805d4222851 smtp disconnected reason=disconnect
Apr 10 23:34:34 mx1 smtpd[84358]: 6ccf0806a1883889 smtp connected address=194.169.175.10 host=<unknown>
Apr 10 23:34:50 mx1 smtpd[84358]: 6ccf0806a1883889 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
Apr 10 23:34:51 mx1 smtpd[84358]: warn: Disabling incoming SMTP connections: Client limit reached
Apr 10 23:35:21 mx1 smtpd[84358]: 6ccf0806a1883889 smtp authentication [email protected] result=permfail
Apr 10 23:35:21 mx1 smtpd[84358]: 6ccf0806a1883889 smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed"
Apr 10 23:35:26 mx1 smtpd[84358]: 6ccf0806a1883889 smtp disconnected reason=disconnect
Apr 10 23:35:26 mx1 smtpd[84358]: warn: smtp: fd exhaustion over, re-enabling incoming connections
Apr 10 23:35:26 mx1 smtpd[84358]: warn: Disabling incoming SMTP connections: Client limit reached
Apr 10 23:35:26 mx1 smtpd[84358]: 6ccf0807ee9b507b smtp connected address=91.235.247.80 host=<unknown>
Apr 10 23:35:26 mx1 smtpd[84358]: 6ccf0807ee9b507b smtp disconnected reason=disconnect
Apr 10 23:35:26 mx1 smtpd[84358]: warn: smtp: fd exhaustion over, re-enabling incoming connections
Apr 10 23:35:28 mx1 smtpd[84358]: 6ccf0808881acbea smtp connected address=221.155.66.205 host=<unknown>
Apr 10 23:35:28 mx1 smtpd[84358]: 6ccf0808881acbea smtp disconnected reason=disconnect
Apr 10 23:35:39 mx1 smtpd[84358]: 6ccf08091d72be29 smtp connected address=194.169.175.10 host=<unknown>
Apr 10 23:35:53 mx1 smtpd[84358]: 6ccf08091d72be29 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
Apr 10 23:36:20 mx1 smtpd[84358]: 6ccf08091d72be29 smtp authentication [email protected] result=permfail
Apr 10 23:36:20 mx1 smtpd[84358]: 6ccf08091d72be29 smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed"
Apr 10 23:36:28 mx1 smtpd[84358]: 6ccf08091d72be29 smtp disconnected reason=disconnect
Apr 10 23:36:44 mx1 smtpd[84358]: 6ccf080a4596f230 smtp connected address=194.169.175.10 host=<unknown>
Apr 10 23:36:53 mx1 smtpd[84358]: 6ccf080a4596f230 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
Apr 10 23:37:10 mx1 smtpd[84358]: warn: Disabling incoming SMTP connections: Client limit reached
Apr 10 23:37:21 mx1 smtpd[84358]: 6ccf080a4596f230 smtp authentication [email protected] result=permfail
Apr 10 23:37:22 mx1 smtpd[84358]: 6ccf080a4596f230 smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed"
Apr 10 23:37:25 mx1 smtpd[84358]: 6ccf080a4596f230 smtp disconnected reason=disconnect
Apr 10 23:37:25 mx1 smtpd[84358]: warn: smtp: fd exhaustion over, re-enabling incoming connections
Apr 10 23:37:25 mx1 smtpd[84358]: 6ccf080baa2709a1 smtp connected address=157.90.134.25 host=www1.wmdd.de
Apr 10 23:37:25 mx1 smtpd[69523]: auth: 6ccf080baa2709a1 spf_record_new:
Apr 10 23:37:43 mx1 smtpd[84358]: warn: Disabling incoming SMTP connections: Client limit reached
mx2:
Apr 11 05:05:19 mx2 smtpd[35705]: 3f9f81f4ed6ea8ec smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed"
Apr 11 05:05:26 mx2 smtpd[35705]: 3f9f81f4ed6ea8ec smtp disconnected reason=disconnect
Apr 11 05:05:40 mx2 smtpd[35705]: 3f9f81f6fd08763a smtp connected address=194.169.175.10 host=<unknown>
Apr 11 05:05:51 mx2 smtpd[35705]: 3f9f81f6fd08763a smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
Apr 11 05:06:17 mx2 smtpd[35705]: 3f9f81f6fd08763a smtp authentication [email protected] result=permfail
Apr 11 05:06:18 mx2 smtpd[35705]: 3f9f81f6fd08763a smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed"
Apr 11 05:06:25 mx2 smtpd[35705]: 3f9f81f6fd08763a smtp disconnected reason=disconnect
Apr 11 05:06:45 mx2 smtpd[35705]: 3f9f81f7cba65bbf smtp connected address=194.169.175.10 host=<unknown>
Apr 11 05:07:00 mx2 smtpd[35705]: 3f9f81f7cba65bbf smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
Apr 11 05:07:11 mx2 smtpd[35705]: 3f9f81f85ded5ca9 smtp connected address=157.90.134.25 host=www1.wmdd.de
Apr 11 05:07:13 mx2 smtpd[35705]: 3f9f81f85ded5ca9 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
Apr 11 05:07:13 mx2 smtpd[12461]: auth: 3f9f81f85ded5ca9 spf_record_new:
Apr 11 05:07:31 mx2 smtpd[35705]: 3f9f81f7cba65bbf smtp authentication [email protected] result=permfail
Apr 11 05:07:31 mx2 smtpd[35705]: 3f9f81f7cba65bbf smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed"
Apr 11 05:07:38 mx2 smtpd[35705]: 3f9f81f7cba65bbf smtp disconnected reason=disconnect
Apr 11 05:07:40 mx2 smtpd[35705]: 3f9f81f95ac50e10 smtp connected address=157.90.134.25 host=www1.wmdd.de
Apr 11 05:07:41 mx2 smtpd[35705]: 3f9f81f95ac50e10 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
Apr 11 05:07:41 mx2 smtpd[12461]: auth: 3f9f81f95ac50e10 spf_record_new:
Apr 11 05:07:50 mx2 smtpd[35705]: 3f9f81fa5aaf4c8e smtp connected address=194.169.175.10 host=<unknown>
Apr 11 05:07:59 mx2 smtpd[35705]: 3f9f81fa5aaf4c8e smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
Apr 11 05:08:28 mx2 smtpd[35705]: 3f9f81fa5aaf4c8e smtp authentication [email protected] result=permfail
Apr 11 05:08:28 mx2 smtpd[35705]: 3f9f81fa5aaf4c8e smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed"
Apr 11 05:08:31 mx2 smtpd[35705]: 3f9f81fa5aaf4c8e smtp disconnected reason=disconnect
Apr 11 05:08:55 mx2 smtpd[35705]: 3f9f81fb0208084c smtp connected address=194.169.175.10 host=<unknown>
Apr 11 05:09:05 mx2 smtpd[35705]: 3f9f81fb0208084c smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
Apr 11 05:09:30 mx2 smtpd[35705]: 3f9f81fb0208084c smtp authentication [email protected] result=permfail
Apr 11 05:09:30 mx2 smtpd[35705]: 3f9f81fb0208084c smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed"
Apr 11 05:09:33 mx2 smtpd[35705]: 3f9f81fb0208084c smtp disconnected reason=disconnect
Apr 11 05:09:59 mx2 smtpd[35705]: 3f9f81fcbcf0f32e smtp connected address=194.169.175.10 host=<unknown>
Apr 11 05:10:11 mx2 smtpd[35705]: 3f9f81fcbcf0f32e smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
Apr 11 05:10:36 mx2 smtpd[35705]: 3f9f81fcbcf0f32e smtp authentication [email protected] result=permfail
Apr 11 05:10:37 mx2 smtpd[35705]: 3f9f81fcbcf0f32e smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed"
Apr 11 05:10:40 mx2 smtpd[35705]: 3f9f81fcbcf0f32e smtp disconnected reason=disconnect
Apr 11 05:11:04 mx2 smtpd[35705]: 3f9f81fd682e0785 smtp connected address=194.169.175.10 host=<unknown>
Apr 11 05:11:15 mx2 smtpd[35705]: 3f9f81fd682e0785 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
Apr 11 05:11:40 mx2 smtpd[35705]: 3f9f81fd682e0785 smtp authentication [email protected] result=permfail
Apr 11 05:11:40 mx2 smtpd[35705]: 3f9f81fd682e0785 smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed"
Apr 11 05:11:47 mx2 smtpd[35705]: 3f9f81fd682e0785 smtp disconnected reason=disconnect
Apr 11 05:12:09 mx2 smtpd[35705]: 3f9f81fe5e363ed5 smtp connected address=194.169.175.10 host=<unknown>
Apr 11 05:12:13 mx2 smtpd[35705]: 3f9f81ff7c133003 smtp connected address=157.90.134.25 host=www1.wmdd.de
Apr 11 05:12:14 mx2 smtpd[12461]: auth: 3f9f81ff7c133003 spf_record_new:
Apr 11 05:12:23 mx2 smtpd[35705]: 3f9f81fe5e363ed5 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
Apr 11 05:12:41 mx2 smtpd[35705]: warn: Disabling incoming SMTP connections: Client limit reached
Apr 11 05:12:57 mx2 smtpd[35705]: 3f9f81fe5e363ed5 smtp authentication [email protected] result=permfail
Apr 11 05:12:58 mx2 smtpd[35705]: 3f9f81fe5e363ed5 smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed"
Apr 11 05:13:03 mx2 smtpd[35705]: 3f9f81fe5e363ed5 smtp disconnected reason=disconnect
Apr 11 05:13:03 mx2 smtpd[35705]: warn: smtp: fd exhaustion over, re-enabling incoming connections
Apr 11 05:13:03 mx2 smtpd[35705]: 3f9f820021a5b7d4 smtp connected address=157.90.134.25 host=www1.wmdd.de
Apr 11 05:13:03 mx2 smtpd[12461]: auth: 3f9f820021a5b7d4 spf_record_new:
Apr 11 05:13:14 mx2 smtpd[35705]: warn: Disabling incoming SMTP connections: Client limit reached
Interesting that both machines got stuck after 157.90.134.25 tried to deliver
its mail twice.
Anyway, both machines have nearly the same uptime:
mx1$ uptime
9:49AM up 42 days, 7:11, 2 users, load averages: 0.56, 1.07, 1.09
mx1$
mx2$ uptime
9:49AM up 42 days, 7:09, 1 user, load averages: 0.72, 0.64, 0.58
mx2$
and were rebooted for syspatch. As far as I recall smtpd wasn't restarted by
hand until yesterday.
So, I may assume that it worked for about 41 days without any issue, and
after some bad actor (157.90.134.25) tried to send something, it broke the
machine. Both of them.
--
wbr, Kirill
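
Added example, not part of the original message and not OpenSMTPD code: one way to check the "sessions that never disconnect" theory from the maillog is to replay the connected/disconnected events per session id and record which client addresses still hold sessions each time "Client limit reached" is logged. It assumes one log entry per line in the format shown in the excerpts above; the names track_sessions and SAMPLE are made up for this sketch, and the sample lines are constructed with documentation addresses.

```python
import re
import sys
from collections import Counter

# One smtpd session event per line, in the format of the maillog excerpts:
#   <date> <host> smtpd[<pid>]: <16-hex session id> smtp <event> key=value ...
EVENT = re.compile(
    r"smtpd\[\d+\]: (?P<sid>[0-9a-f]{16}) smtp (?P<event>connected|disconnected)\b"
    r"(?: address=(?P<addr>\S+))?"
)
LIMIT_WARNING = "Client limit reached"

# Constructed sample (not taken from the thread); 192.0.2.0/24 and
# 198.51.100.0/24 are documentation ranges.
SAMPLE = """\
Apr 10 23:32:01 mx smtpd[1000]: aaaa000000000001 smtp connected address=192.0.2.10 host=<unknown>
Apr 10 23:32:08 mx smtpd[1000]: aaaa000000000001 smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed"
Apr 10 23:32:09 mx smtpd[1000]: aaaa000000000002 smtp connected address=198.51.100.25 host=mail.example.net
Apr 10 23:32:09 mx smtpd[1000]: aaaa000000000001 smtp disconnected reason=disconnect
Apr 10 23:32:10 mx smtpd[2000]: auth: aaaa000000000002 spf_record_new:
Apr 10 23:34:34 mx smtpd[1000]: aaaa000000000003 smtp connected address=192.0.2.10 host=<unknown>
Apr 10 23:34:51 mx smtpd[1000]: warn: Disabling incoming SMTP connections: Client limit reached
Apr 10 23:35:26 mx smtpd[1000]: aaaa000000000003 smtp disconnected reason=disconnect
Apr 10 23:35:26 mx smtpd[1000]: warn: smtp: fd exhaustion over, re-enabling incoming connections
Apr 10 23:37:25 mx smtpd[1000]: aaaa000000000004 smtp connected address=198.51.100.25 host=mail.example.net
Apr 10 23:37:43 mx smtpd[1000]: warn: Disabling incoming SMTP connections: Client limit reached
""".splitlines()


def track_sessions(lines):
    """Replay the log and return (snapshots, still_open).

    snapshots  -- for each 'Client limit reached' warning, a Counter of the
                  client addresses whose sessions were open at that moment
    still_open -- {session id: address} for sessions with a 'connected'
                  line but no 'disconnected' line by the end of the input
    """
    open_sessions = {}
    snapshots = []
    for line in lines:
        m = EVENT.search(line)
        if m and m["event"] == "connected":
            open_sessions[m["sid"]] = m["addr"]
        elif m:
            # A disconnect for a session opened before the input started
            # is simply ignored.
            open_sessions.pop(m["sid"], None)
        elif LIMIT_WARNING in line:
            snapshots.append(Counter(open_sessions.values()))
    return snapshots, open_sessions


if __name__ == "__main__":
    # Pass a decompressed maillog as the first argument, or run without
    # arguments to replay the constructed sample.
    lines = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    snapshots, still_open = track_sessions(lines)
    for n, snap in enumerate(snapshots, 1):
        print(f"limit warning #{n}: open sessions by address: {dict(snap)}")
    for sid, addr in still_open.items():
        print(f"never disconnected: {sid} {addr}")
```

Sessions that connected before the first line of the input are invisible to this replay, so the counts are only a lower bound unless the log is fed from the last smtpd start.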