Re: [qmailtoaster] Re: Issues with spam causing high load and unresponsive server
I disabled the baysian filter and autolearn to see if that would help. I also checked the smtp logs again, and I'm still seeing entries like this: 2006-11-07 11:57:13.124734500 CHKUSER accepted rcpt: from [EMAIL PROTECTED]:: remote dom1:unknown:83.6.253.146 rcpt [EMAIL PROTECTED] : found existing recipient 2006-11-07 11:57:13.124741500 CHKUSER accepted rcpt: from [EMAIL PROTECTED]:: remote dom1:unknown:83.6.253.146 rcpt [EMAIL PROTECTED] : found existing recipient 2006-11-07 11:57:13.124745500 CHKUSER accepted rcpt: from [EMAIL PROTECTED]:: remote dom1:unknown:83.6.253.146 rcpt [EMAIL PROTECTED] : found existing recipient 2006-11-07 11:57:13.124763500 CHKUSER accepted rcpt: from [EMAIL PROTECTED]:: remote dom1:unknown:83.6.253.146 rcpt [EMAIL PROTECTED] : found existing recipient 2006-11-07 11:57:13.124768500 CHKUSER accepted rcpt: from [EMAIL PROTECTED]:: remote dom1:unknown:83.6.253.146 rcpt [EMAIL PROTECTED] : found existing recipient 2006-11-07 11:57:13.124776500 CHKUSER accepted rcpt: from [EMAIL PROTECTED]:: remote dom1:unknown:83.6.253.146 rcpt [EMAIL PROTECTED] : found existing recipient 2006-11-07 11:57:13.126403500 CHKUSER accepted rcpt: from [EMAIL PROTECTED]:: remote dom1:unknown:83.6.253.146 rcpt [EMAIL PROTECTED] : found existing recipient None of those accounts exist, yet it says found existing recipient ? I don't understand that part. Josh On 11/6/06, Joshua Zukerman [EMAIL PROTECTED] wrote: Well, I can post what qmailtoaster mrtg is curently showing: concurrency: http://i13.tinypic.com/436j4uf.png messages: http://i13.tinypic.com/2cr0hz8.png smtp: http://i14.tinypic.com/40mbodi.png smtp allow/deny: http://i13.tinypic.com/2yw7olx.png spamd: http://i13.tinypic.com/2eocutk.png On 11/6/06, Eric Shubes [EMAIL PROTECTED] wrote: Like I said, I don't know mrtg, but what makes you doubt its accuracy? Joshua Zukerman wrote: MRTG (on the network interface) sometimes shows some peaks of traffic, like 300kbit, nothing too serious. qmailmrtg notes quite a bunch of smtp connections but I think it isn't too accurate. On 11/6/06, Eric Shubes [EMAIL PROTECTED] wrote: That looks/sounds ok to me. Is your network connection jammed when you have these unresponsive episodes? I'm not familiar with the the mrtg data, but do you see anything there that coincides with the episodes? Joshua Zukerman wrote: I use a pretty much stock qmailtoaster install. I believe the only customizations were the RBLs and my spamassassin configuration file. Here it is: # How many hits before a message is considered spam. required_score 5.0 # Change the subject of suspected spam rewrite_header subject *SPAM* # Encapsulate spam in an attachment (0=no, 1=yes, 2=safe) report_safe 1 # Enable the Bayes system use_bayes 1 # Enable Bayes auto-learning bayes_auto_learn 1 # Enable or disable network checks skip_rbl_checks 0 use_razor2 1 use_dcc 1 use_pyzor 1 # Mail using languages used in these country codes will not be marked # as being possibly spam in a foreign language. # - english ok_languagesen # Mail using locales used in these country codes will not be marked # as being possibly spam in a foreign language. ok_locales en score RCVD_IN_BL_SPAMCOP_NET 4 score RCVD_IN_RELAYS_ORDB_ORG 4 score RCVD_IN_DSBL 4 blacklist_from [addresses here] whitelist_from [addresses here] I still get quite a bit of spam into my inbox, but Thunderbird does a pretty good job of filtering that out. No errors in the spamd logs. Most e-mail scanned by spamassassin and marked as spam says it takes around 0.5 to 3 secs to scan and be marked as spam. It does appear I am seeing status 256 in my smtp log files. Here is a snip: 2006-11-06 10:44:55.701627500 tcpserver: status: 2/50 2006-11-06 10:45:02.256818500 tcpserver: status: 3/50 2006-11-06 10:45:05.314525500 tcpserver: end 5226 status 256 2006-11-06 10:45:05.314531500 tcpserver: status: 2/50 2006-11-06 10:45:11.114846500 tcpserver: end 5228 status 256 2006-11-06 10:45:11.114852500 tcpserver: status: 1/50 2006-11-06 10:45:35.024883500 tcpserver: status: 2/50 2006-11-06 10:45:39.820891500 tcpserver: end 5273 status 256 2006-11-06 10:45:39.820897500 tcpserver: status: 1/50 2006-11-06 10:46:09.466074500 tcpserver: status: 2/50 2006-11-06 10:46:13.493163500 tcpserver: end 5276 status 256 2006-11-06 10:46:13.493169500 tcpserver: status: 1/50 2006-11-06 10:46:47.935619500 tcpserver: end 5279 status 256 I do not see any errors in the clamd nor spamd logs. Thanks for the help. Josh On 11/5/06, Eric Shubes [EMAIL PROTECTED] wrote: Also, are you seeing smtp sessions end after 300 or 600 seconds with status 256? Do you see any
Re: [qmailtoaster] Re: Issues with spam causing high load and unresponsive server
On Nov 7, 2006, at 1:30 PM, Joshua Zukerman wrote: None of those accounts exist, yet it says found existing recipient ? I don't understand that part. do you have a catchall account defined? look in qmailadmin to find out. you may want to configure your domains to drop (not bounce) messages to any undefined addresses rather then sending them to a catchall. -steve -- If this were played upon a stage now, I could condemn it as an improbable fiction. - Fabian, Twelfth Night, III,v - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Re: Issues with spam causing high load and unresponsive server
I meant to say in my original e-mail that the catchall was set to delete. I set that up again just to be sure. Josh On 11/7/06, Steve Huff [EMAIL PROTECTED] wrote: On Nov 7, 2006, at 1:30 PM, Joshua Zukerman wrote: None of those accounts exist, yet it says found existing recipient ? I don't understand that part. do you have a catchall account defined? look in qmailadmin to find out. you may want to configure your domains to drop (not bounce) messages to any undefined addresses rather then sending them to a catchall. -steve -- If this were played upon a stage now, I could condemn it as an improbable fiction. - Fabian, Twelfth Night, III,v - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Re: Issues with spam causing high load and unresponsive server
I use a pretty much stock qmailtoaster install. I believe the only customizations were the RBLs and my spamassassin configuration file. Here it is: # How many hits before a message is considered spam. required_score 5.0 # Change the subject of suspected spam rewrite_header subject *SPAM* # Encapsulate spam in an attachment (0=no, 1=yes, 2=safe) report_safe 1 # Enable the Bayes system use_bayes 1 # Enable Bayes auto-learning bayes_auto_learn 1 # Enable or disable network checks skip_rbl_checks 0 use_razor2 1 use_dcc 1 use_pyzor 1 # Mail using languages used in these country codes will not be marked # as being possibly spam in a foreign language. # - english ok_languagesen # Mail using locales used in these country codes will not be marked # as being possibly spam in a foreign language. ok_locales en score RCVD_IN_BL_SPAMCOP_NET 4 score RCVD_IN_RELAYS_ORDB_ORG 4 score RCVD_IN_DSBL 4 blacklist_from [addresses here] whitelist_from [addresses here] I still get quite a bit of spam into my inbox, but Thunderbird does a pretty good job of filtering that out. No errors in the spamd logs. Most e-mail scanned by spamassassin and marked as spam says it takes around 0.5 to 3 secs to scan and be marked as spam. It does appear I am seeing status 256 in my smtp log files. Here is a snip: 2006-11-06 10:44:55.701627500 tcpserver: status: 2/50 2006-11-06 10:45:02.256818500 tcpserver: status: 3/50 2006-11-06 10:45:05.314525500 tcpserver: end 5226 status 256 2006-11-06 10:45:05.314531500 tcpserver: status: 2/50 2006-11-06 10:45:11.114846500 tcpserver: end 5228 status 256 2006-11-06 10:45:11.114852500 tcpserver: status: 1/50 2006-11-06 10:45:35.024883500 tcpserver: status: 2/50 2006-11-06 10:45:39.820891500 tcpserver: end 5273 status 256 2006-11-06 10:45:39.820897500 tcpserver: status: 1/50 2006-11-06 10:46:09.466074500 tcpserver: status: 2/50 2006-11-06 10:46:13.493163500 tcpserver: end 5276 status 256 2006-11-06 10:46:13.493169500 tcpserver: status: 1/50 2006-11-06 10:46:47.935619500 tcpserver: end 5279 status 256 I do not see any errors in the clamd nor spamd logs. Thanks for the help. Josh On 11/5/06, Eric Shubes [EMAIL PROTECTED] wrote: Also, are you seeing smtp sessions end after 300 or 600 seconds with status 256? Do you see any errors in the spamd log? Does spamd ever max out the cpu for a period of time? Erik Espinoza wrote: rblsmtpd doesn't take up very many resources. This is probably due to spamassassin or clamav, You may want to look through the logs of the spamassassin and clamav to see if there are any issues that show through. Is this a very stock install or did you enable things, such as SURBL or Pyzor? Any more details about your configuration would be appreciated. Thanks, Erik On 11/5/06, Joshua Zukerman [EMAIL PROTECTED] wrote: I forgot to mention the blacklists I use: -rrelays.ordb.org -rsbl-xbl.spamhaus.org -rbl.spamcop.net -rlist.dsbl.org -rdnsbl.njabl.org -rdun.dnsrbl.net I think these are all working, last time I checked. Could slow dns queries be causing my issues? On 11/5/06, Joshua Zukerman [EMAIL PROTECTED] wrote: Hello list, I run a centos 4.4 final server using qmail-toaster-1.03-1.3.5 from a few months ago. Recently, in the past couple months, I've had intermittent issues where my server becomes unresponsive for a few minutes at a time, several times a day. Unresponsive to the web server it runs, dns queries, mail, ssh etc. I tracked down the problem to random IP addresses opening a bunch of smtp processes and attempting to send spam to my server. I run a four domains and a few e-mail users of a personal nature. Nothing mission critical here. However, it is annoying the server gets pretty much tied up dealing with the spam. I checked my server to make sure it isn't an open relay, which came back clean. I have no auto-responders, nor any catch alls. I edited /var/qmail/control/concurrencyincoming to 50 instead of the 100 and that made no difference. The server is a P4 2.4ghz, with 512mb of ram, couple of drives in a Raid1 configuration, on a shared T1 line. I don't use much bandwidth, however the bandwidth is there if I need it. So I do not think this is an issue with internet connectivity. I can always ping the server remotely and all responses come back properly. I checked the smtp logs, and see random IP addresses trying to send mail to my server. No one IP address repeatedly trying to connect, so blocking IP addresses was a futile effort. I do use the blacklists and that helps somewhat. I also have spamassassin installed which helps a bit with the spam e-mails. Most of the spam e-mails are directed to non-existent e-mail accounts. Is there anything I can do to limit the amount of connections one ip address is allowed to open at
Re: [qmailtoaster] Re: Issues with spam causing high load and unresponsive server
That looks/sounds ok to me. Is your network connection jammed when you have these unresponsive episodes? I'm not familiar with the the mrtg data, but do you see anything there that coincides with the episodes? Joshua Zukerman wrote: I use a pretty much stock qmailtoaster install. I believe the only customizations were the RBLs and my spamassassin configuration file. Here it is: # How many hits before a message is considered spam. required_score 5.0 # Change the subject of suspected spam rewrite_header subject *SPAM* # Encapsulate spam in an attachment (0=no, 1=yes, 2=safe) report_safe 1 # Enable the Bayes system use_bayes 1 # Enable Bayes auto-learning bayes_auto_learn 1 # Enable or disable network checks skip_rbl_checks 0 use_razor2 1 use_dcc 1 use_pyzor 1 # Mail using languages used in these country codes will not be marked # as being possibly spam in a foreign language. # - english ok_languagesen # Mail using locales used in these country codes will not be marked # as being possibly spam in a foreign language. ok_locales en score RCVD_IN_BL_SPAMCOP_NET 4 score RCVD_IN_RELAYS_ORDB_ORG 4 score RCVD_IN_DSBL 4 blacklist_from [addresses here] whitelist_from [addresses here] I still get quite a bit of spam into my inbox, but Thunderbird does a pretty good job of filtering that out. No errors in the spamd logs. Most e-mail scanned by spamassassin and marked as spam says it takes around 0.5 to 3 secs to scan and be marked as spam. It does appear I am seeing status 256 in my smtp log files. Here is a snip: 2006-11-06 10:44:55.701627500 tcpserver: status: 2/50 2006-11-06 10:45:02.256818500 tcpserver: status: 3/50 2006-11-06 10:45:05.314525500 tcpserver: end 5226 status 256 2006-11-06 10:45:05.314531500 tcpserver: status: 2/50 2006-11-06 10:45:11.114846500 tcpserver: end 5228 status 256 2006-11-06 10:45:11.114852500 tcpserver: status: 1/50 2006-11-06 10:45:35.024883500 tcpserver: status: 2/50 2006-11-06 10:45:39.820891500 tcpserver: end 5273 status 256 2006-11-06 10:45:39.820897500 tcpserver: status: 1/50 2006-11-06 10:46:09.466074500 tcpserver: status: 2/50 2006-11-06 10:46:13.493163500 tcpserver: end 5276 status 256 2006-11-06 10:46:13.493169500 tcpserver: status: 1/50 2006-11-06 10:46:47.935619500 tcpserver: end 5279 status 256 I do not see any errors in the clamd nor spamd logs. Thanks for the help. Josh On 11/5/06, Eric Shubes [EMAIL PROTECTED] wrote: Also, are you seeing smtp sessions end after 300 or 600 seconds with status 256? Do you see any errors in the spamd log? Does spamd ever max out the cpu for a period of time? Erik Espinoza wrote: rblsmtpd doesn't take up very many resources. This is probably due to spamassassin or clamav, You may want to look through the logs of the spamassassin and clamav to see if there are any issues that show through. Is this a very stock install or did you enable things, such as SURBL or Pyzor? Any more details about your configuration would be appreciated. Thanks, Erik On 11/5/06, Joshua Zukerman [EMAIL PROTECTED] wrote: I forgot to mention the blacklists I use: -rrelays.ordb.org -rsbl-xbl.spamhaus.org -rbl.spamcop.net -rlist.dsbl.org -rdnsbl.njabl.org -rdun.dnsrbl.net I think these are all working, last time I checked. Could slow dns queries be causing my issues? On 11/5/06, Joshua Zukerman [EMAIL PROTECTED] wrote: Hello list, I run a centos 4.4 final server using qmail-toaster-1.03-1.3.5 from a few months ago. Recently, in the past couple months, I've had intermittent issues where my server becomes unresponsive for a few minutes at a time, several times a day. Unresponsive to the web server it runs, dns queries, mail, ssh etc. I tracked down the problem to random IP addresses opening a bunch of smtp processes and attempting to send spam to my server. I run a four domains and a few e-mail users of a personal nature. Nothing mission critical here. However, it is annoying the server gets pretty much tied up dealing with the spam. I checked my server to make sure it isn't an open relay, which came back clean. I have no auto-responders, nor any catch alls. I edited /var/qmail/control/concurrencyincoming to 50 instead of the 100 and that made no difference. The server is a P4 2.4ghz, with 512mb of ram, couple of drives in a Raid1 configuration, on a shared T1 line. I don't use much bandwidth, however the bandwidth is there if I need it. So I do not think this is an issue with internet connectivity. I can always ping the server remotely and all responses come back properly. I checked the smtp logs, and see random IP addresses trying to send mail to my server. No one IP address repeatedly trying to
Re: [qmailtoaster] Re: Issues with spam causing high load and unresponsive server
Like I said, I don't know mrtg, but what makes you doubt its accuracy? Joshua Zukerman wrote: MRTG (on the network interface) sometimes shows some peaks of traffic, like 300kbit, nothing too serious. qmailmrtg notes quite a bunch of smtp connections but I think it isn't too accurate. On 11/6/06, Eric Shubes [EMAIL PROTECTED] wrote: That looks/sounds ok to me. Is your network connection jammed when you have these unresponsive episodes? I'm not familiar with the the mrtg data, but do you see anything there that coincides with the episodes? Joshua Zukerman wrote: I use a pretty much stock qmailtoaster install. I believe the only customizations were the RBLs and my spamassassin configuration file. Here it is: # How many hits before a message is considered spam. required_score 5.0 # Change the subject of suspected spam rewrite_header subject *SPAM* # Encapsulate spam in an attachment (0=no, 1=yes, 2=safe) report_safe 1 # Enable the Bayes system use_bayes 1 # Enable Bayes auto-learning bayes_auto_learn 1 # Enable or disable network checks skip_rbl_checks 0 use_razor2 1 use_dcc 1 use_pyzor 1 # Mail using languages used in these country codes will not be marked # as being possibly spam in a foreign language. # - english ok_languagesen # Mail using locales used in these country codes will not be marked # as being possibly spam in a foreign language. ok_locales en score RCVD_IN_BL_SPAMCOP_NET 4 score RCVD_IN_RELAYS_ORDB_ORG 4 score RCVD_IN_DSBL 4 blacklist_from [addresses here] whitelist_from [addresses here] I still get quite a bit of spam into my inbox, but Thunderbird does a pretty good job of filtering that out. No errors in the spamd logs. Most e-mail scanned by spamassassin and marked as spam says it takes around 0.5 to 3 secs to scan and be marked as spam. It does appear I am seeing status 256 in my smtp log files. Here is a snip: 2006-11-06 10:44:55.701627500 tcpserver: status: 2/50 2006-11-06 10:45:02.256818500 tcpserver: status: 3/50 2006-11-06 10:45:05.314525500 tcpserver: end 5226 status 256 2006-11-06 10:45:05.314531500 tcpserver: status: 2/50 2006-11-06 10:45:11.114846500 tcpserver: end 5228 status 256 2006-11-06 10:45:11.114852500 tcpserver: status: 1/50 2006-11-06 10:45:35.024883500 tcpserver: status: 2/50 2006-11-06 10:45:39.820891500 tcpserver: end 5273 status 256 2006-11-06 10:45:39.820897500 tcpserver: status: 1/50 2006-11-06 10:46:09.466074500 tcpserver: status: 2/50 2006-11-06 10:46:13.493163500 tcpserver: end 5276 status 256 2006-11-06 10:46:13.493169500 tcpserver: status: 1/50 2006-11-06 10:46:47.935619500 tcpserver: end 5279 status 256 I do not see any errors in the clamd nor spamd logs. Thanks for the help. Josh On 11/5/06, Eric Shubes [EMAIL PROTECTED] wrote: Also, are you seeing smtp sessions end after 300 or 600 seconds with status 256? Do you see any errors in the spamd log? Does spamd ever max out the cpu for a period of time? Erik Espinoza wrote: rblsmtpd doesn't take up very many resources. This is probably due to spamassassin or clamav, You may want to look through the logs of the spamassassin and clamav to see if there are any issues that show through. Is this a very stock install or did you enable things, such as SURBL or Pyzor? Any more details about your configuration would be appreciated. Thanks, Erik On 11/5/06, Joshua Zukerman [EMAIL PROTECTED] wrote: I forgot to mention the blacklists I use: -rrelays.ordb.org -rsbl-xbl.spamhaus.org -rbl.spamcop.net -rlist.dsbl.org -rdnsbl.njabl.org -rdun.dnsrbl.net I think these are all working, last time I checked. Could slow dns queries be causing my issues? On 11/5/06, Joshua Zukerman [EMAIL PROTECTED] wrote: Hello list, I run a centos 4.4 final server using qmail-toaster-1.03-1.3.5 from a few months ago. Recently, in the past couple months, I've had intermittent issues where my server becomes unresponsive for a few minutes at a time, several times a day. Unresponsive to the web server it runs, dns queries, mail, ssh etc. I tracked down the problem to random IP addresses opening a bunch of smtp processes and attempting to send spam to my server. I run a four domains and a few e-mail users of a personal nature. Nothing mission critical here. However, it is annoying the server gets pretty much tied up dealing with the spam. I checked my server to make sure it isn't an open relay, which came back clean. I have no auto-responders, nor any catch alls. I edited /var/qmail/control/concurrencyincoming to 50 instead of the 100 and that made no difference. The server is a P4
Re: [qmailtoaster] Re: Issues with spam causing high load and unresponsive server
Well, I can post what qmailtoaster mrtg is curently showing: concurrency: http://i13.tinypic.com/436j4uf.png messages: http://i13.tinypic.com/2cr0hz8.png smtp: http://i14.tinypic.com/40mbodi.png smtp allow/deny: http://i13.tinypic.com/2yw7olx.png spamd: http://i13.tinypic.com/2eocutk.png On 11/6/06, Eric Shubes [EMAIL PROTECTED] wrote: Like I said, I don't know mrtg, but what makes you doubt its accuracy? Joshua Zukerman wrote: MRTG (on the network interface) sometimes shows some peaks of traffic, like 300kbit, nothing too serious. qmailmrtg notes quite a bunch of smtp connections but I think it isn't too accurate. On 11/6/06, Eric Shubes [EMAIL PROTECTED] wrote: That looks/sounds ok to me. Is your network connection jammed when you have these unresponsive episodes? I'm not familiar with the the mrtg data, but do you see anything there that coincides with the episodes? Joshua Zukerman wrote: I use a pretty much stock qmailtoaster install. I believe the only customizations were the RBLs and my spamassassin configuration file. Here it is: # How many hits before a message is considered spam. required_score 5.0 # Change the subject of suspected spam rewrite_header subject *SPAM* # Encapsulate spam in an attachment (0=no, 1=yes, 2=safe) report_safe 1 # Enable the Bayes system use_bayes 1 # Enable Bayes auto-learning bayes_auto_learn 1 # Enable or disable network checks skip_rbl_checks 0 use_razor2 1 use_dcc 1 use_pyzor 1 # Mail using languages used in these country codes will not be marked # as being possibly spam in a foreign language. # - english ok_languagesen # Mail using locales used in these country codes will not be marked # as being possibly spam in a foreign language. ok_locales en score RCVD_IN_BL_SPAMCOP_NET 4 score RCVD_IN_RELAYS_ORDB_ORG 4 score RCVD_IN_DSBL 4 blacklist_from [addresses here] whitelist_from [addresses here] I still get quite a bit of spam into my inbox, but Thunderbird does a pretty good job of filtering that out. No errors in the spamd logs. Most e-mail scanned by spamassassin and marked as spam says it takes around 0.5 to 3 secs to scan and be marked as spam. It does appear I am seeing status 256 in my smtp log files. Here is a snip: 2006-11-06 10:44:55.701627500 tcpserver: status: 2/50 2006-11-06 10:45:02.256818500 tcpserver: status: 3/50 2006-11-06 10:45:05.314525500 tcpserver: end 5226 status 256 2006-11-06 10:45:05.314531500 tcpserver: status: 2/50 2006-11-06 10:45:11.114846500 tcpserver: end 5228 status 256 2006-11-06 10:45:11.114852500 tcpserver: status: 1/50 2006-11-06 10:45:35.024883500 tcpserver: status: 2/50 2006-11-06 10:45:39.820891500 tcpserver: end 5273 status 256 2006-11-06 10:45:39.820897500 tcpserver: status: 1/50 2006-11-06 10:46:09.466074500 tcpserver: status: 2/50 2006-11-06 10:46:13.493163500 tcpserver: end 5276 status 256 2006-11-06 10:46:13.493169500 tcpserver: status: 1/50 2006-11-06 10:46:47.935619500 tcpserver: end 5279 status 256 I do not see any errors in the clamd nor spamd logs. Thanks for the help. Josh On 11/5/06, Eric Shubes [EMAIL PROTECTED] wrote: Also, are you seeing smtp sessions end after 300 or 600 seconds with status 256? Do you see any errors in the spamd log? Does spamd ever max out the cpu for a period of time? Erik Espinoza wrote: rblsmtpd doesn't take up very many resources. This is probably due to spamassassin or clamav, You may want to look through the logs of the spamassassin and clamav to see if there are any issues that show through. Is this a very stock install or did you enable things, such as SURBL or Pyzor? Any more details about your configuration would be appreciated. Thanks, Erik On 11/5/06, Joshua Zukerman [EMAIL PROTECTED] wrote: I forgot to mention the blacklists I use: -rrelays.ordb.org -rsbl-xbl.spamhaus.org -rbl.spamcop.net -rlist.dsbl.org -rdnsbl.njabl.org -rdun.dnsrbl.net I think these are all working, last time I checked. Could slow dns queries be causing my issues? On 11/5/06, Joshua Zukerman [EMAIL PROTECTED] wrote: Hello list, I run a centos 4.4 final server using qmail-toaster-1.03-1.3.5 from a few months ago. Recently, in the past couple months, I've had intermittent issues where my server becomes unresponsive for a few minutes at a time, several times a day. Unresponsive to the web server it runs, dns queries, mail, ssh etc. I tracked down the problem to random IP addresses opening a bunch of smtp processes and attempting to send spam to my server. I run a four domains and a few e-mail users of a personal nature. Nothing mission critical here. However, it is annoying the
[qmailtoaster] Re: Issues with spam causing high load and unresponsive server
I forgot to mention the blacklists I use: -rrelays.ordb.org -rsbl-xbl.spamhaus.org -rbl.spamcop.net -rlist.dsbl.org -rdnsbl.njabl.org -rdun.dnsrbl.net I think these are all working, last time I checked. Could slow dns queries be causing my issues? On 11/5/06, Joshua Zukerman [EMAIL PROTECTED] wrote: Hello list, I run a centos 4.4 final server using qmail-toaster-1.03-1.3.5 from a few months ago. Recently, in the past couple months, I've had intermittent issues where my server becomes unresponsive for a few minutes at a time, several times a day. Unresponsive to the web server it runs, dns queries, mail, ssh etc. I tracked down the problem to random IP addresses opening a bunch of smtp processes and attempting to send spam to my server. I run a four domains and a few e-mail users of a personal nature. Nothing mission critical here. However, it is annoying the server gets pretty much tied up dealing with the spam. I checked my server to make sure it isn't an open relay, which came back clean. I have no auto-responders, nor any catch alls. I edited /var/qmail/control/concurrencyincoming to 50 instead of the 100 and that made no difference. The server is a P4 2.4ghz, with 512mb of ram, couple of drives in a Raid1 configuration, on a shared T1 line. I don't use much bandwidth, however the bandwidth is there if I need it. So I do not think this is an issue with internet connectivity. I can always ping the server remotely and all responses come back properly. I checked the smtp logs, and see random IP addresses trying to send mail to my server. No one IP address repeatedly trying to connect, so blocking IP addresses was a futile effort. I do use the blacklists and that helps somewhat. I also have spamassassin installed which helps a bit with the spam e-mails. Most of the spam e-mails are directed to non-existent e-mail accounts. Is there anything I can do to limit the amount of connections one ip address is allowed to open at one time? Or something else I can do to not make my server so unresponsive? - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Re: Issues with spam causing high load and unresponsive server
Also, are you seeing smtp sessions end after 300 or 600 seconds with status 256? Do you see any errors in the spamd log? Does spamd ever max out the cpu for a period of time? Erik Espinoza wrote: rblsmtpd doesn't take up very many resources. This is probably due to spamassassin or clamav, You may want to look through the logs of the spamassassin and clamav to see if there are any issues that show through. Is this a very stock install or did you enable things, such as SURBL or Pyzor? Any more details about your configuration would be appreciated. Thanks, Erik On 11/5/06, Joshua Zukerman [EMAIL PROTECTED] wrote: I forgot to mention the blacklists I use: -rrelays.ordb.org -rsbl-xbl.spamhaus.org -rbl.spamcop.net -rlist.dsbl.org -rdnsbl.njabl.org -rdun.dnsrbl.net I think these are all working, last time I checked. Could slow dns queries be causing my issues? On 11/5/06, Joshua Zukerman [EMAIL PROTECTED] wrote: Hello list, I run a centos 4.4 final server using qmail-toaster-1.03-1.3.5 from a few months ago. Recently, in the past couple months, I've had intermittent issues where my server becomes unresponsive for a few minutes at a time, several times a day. Unresponsive to the web server it runs, dns queries, mail, ssh etc. I tracked down the problem to random IP addresses opening a bunch of smtp processes and attempting to send spam to my server. I run a four domains and a few e-mail users of a personal nature. Nothing mission critical here. However, it is annoying the server gets pretty much tied up dealing with the spam. I checked my server to make sure it isn't an open relay, which came back clean. I have no auto-responders, nor any catch alls. I edited /var/qmail/control/concurrencyincoming to 50 instead of the 100 and that made no difference. The server is a P4 2.4ghz, with 512mb of ram, couple of drives in a Raid1 configuration, on a shared T1 line. I don't use much bandwidth, however the bandwidth is there if I need it. So I do not think this is an issue with internet connectivity. I can always ping the server remotely and all responses come back properly. I checked the smtp logs, and see random IP addresses trying to send mail to my server. No one IP address repeatedly trying to connect, so blocking IP addresses was a futile effort. I do use the blacklists and that helps somewhat. I also have spamassassin installed which helps a bit with the spam e-mails. Most of the spam e-mails are directed to non-existent e-mail accounts. Is there anything I can do to limit the amount of connections one ip address is allowed to open at one time? Or something else I can do to not make my server so unresponsive? -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]