On Thu, 25 Mar 2004 12:17:17 -0000 David Allen <d.allen@???> wrote:
> Apologies if this has been asked before
> Has anyone seen the following behaviour - exim refusing connections
> because smtp_accept_max has been exceeded BUT no messages being received
> from the systems that ARE connected. The existing connections appear to
> be fully established (i.e. it doesn't look like a SYN attack) and are
> not long-lived (i.e they seem to have a maximum duration of 1 or 2
> minutes).
i saw something like this a week ago.
it turned out to be a DOS against an older version of ClamAV. exim
was accepting the email and making it to the end of data, then ClamAV
was hanging, and all the connections were being consumed.
if this is what you've got, updating to a post 0.66 version of ClamAV
should fix it.
richard
--
Richard Welty rwelty@???
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security