Re: [Exim] URGENT help too many connections

Top Page
Delete this message
Reply to this message
Author: ayman farra
Date:  
To: Eric Kuzniar, exim-users
CC: aymana
Subject: Re: [Exim] URGENT help too many connections
Eric,

Yes, I am getting joe-jobbed. Traffic is not an issue
here is just SMTP can not take that much connection
coming in.

Thanks for your respond. I will follow your step and I
will update if there is any improvement.

Ayman

--- Eric Kuzniar <kuzniar@???> wrote:
>
> >I start seeing "Connection from [xxx.xxx.xxx.xxx]
> >refused: too many connections" in the mainlog
> >
> >it's so much that tail -f keeps going on so fast
> and
> >that causes no single Email to get through.
> >
> >smtp_accept_max is been set to 70
> >
> >exim4 is the one been installed
> >
> >Looks like we been attacked by random IP to un
> >existing mail users on our mailserver
> >
> >what should i do ?
> >
> >thanks
> >
>     Sounds like you are  getting joe-jobbed. If this
> is the case the
> IP's aren't random IP's but rather thousands of
> seperate mailservers
> connecting to yours to send bounce messages to spam
> that was sent with
> forged headers stating they were from
> randomcrap@yourdomain. Since these
> are all distinct mailservers trying to send you
> bounces they will
> probably be well behaved and retry many times before
> giving up. Some
> mailservers will try 1000's of times an hour. This
> can be painful. If
> your normal traffic allows, you can look for some of
> these offenders and
> block them at the IP level until load stabilizes.
> Also, some of the
> requests will be for Sender Verification. Try
> increasing your
> smtp_connect_backlog to as much as your machine can
> bear. You will have
> to tweak it down after the spam run is over,
> however, because, although
> your machine may be able to handle the backlog when
> just telling people
> no such user, it probably won't be able to handle
> that many when most of
> the mail is real. Also be prepared for tons of
> stupid automated UCE:
> messages to postmaster from moronic systems
> demanding you take
> appropriate action to make sure they never get any
> spam again. If your
> configuration allow, even if just for a short period
> of time, publish
> some SPF records real quick, it actually helps.

>
>        Eric

>



__________________________________
Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway
http://promotions.yahoo.com/design_giveaway/