Re: [Exim] URGENT help too many connections

Top Page
Delete this message
Reply to this message
Author: ayman farra
Date:  
To: Eric Kuzniar, exim-users
Subject: Re: [Exim] URGENT help too many connections
WOW looks like adding this :

smtp_accept_keepalive       = true
    smtp_accept_max             = 320
    smtp_accept_max_per_host    = 16
    smtp_accept_queue           = 128
    smtp_accept_reserve         = 20
    smtp_connect_backlog        = 16
    smtp_check_spool_space      = true
    smtp_receive_timeout        = 18m


did it :) I am no longer seeing too many connection

Thanks all



--- Eric Kuzniar <kuzniar@???> wrote:
>
> >I start seeing "Connection from [xxx.xxx.xxx.xxx]
> >refused: too many connections" in the mainlog
> >
> >it's so much that tail -f keeps going on so fast
> and
> >that causes no single Email to get through.
> >
> >smtp_accept_max is been set to 70
> >
> >exim4 is the one been installed
> >
> >Looks like we been attacked by random IP to un
> >existing mail users on our mailserver
> >
> >what should i do ?
> >
> >thanks
> >
>     Sounds like you are  getting joe-jobbed. If this
> is the case the
> IP's aren't random IP's but rather thousands of
> seperate mailservers
> connecting to yours to send bounce messages to spam
> that was sent with
> forged headers stating they were from
> randomcrap@yourdomain. Since these
> are all distinct mailservers trying to send you
> bounces they will
> probably be well behaved and retry many times before
> giving up. Some
> mailservers will try 1000's of times an hour. This
> can be painful. If
> your normal traffic allows, you can look for some of
> these offenders and
> block them at the IP level until load stabilizes.
> Also, some of the
> requests will be for Sender Verification. Try
> increasing your
> smtp_connect_backlog to as much as your machine can
> bear. You will have
> to tweak it down after the spam run is over,
> however, because, although
> your machine may be able to handle the backlog when
> just telling people
> no such user, it probably won't be able to handle
> that many when most of
> the mail is real. Also be prepared for tons of
> stupid automated UCE:
> messages to postmaster from moronic systems
> demanding you take
> appropriate action to make sure they never get any
> spam again. If your
> configuration allow, even if just for a short period
> of time, publish
> some SPF records real quick, it actually helps.

>
>        Eric

>
>
> --
>
> ## List details at
> http://www.exim.org/mailman/listinfo/exim-users Exim
> details at http://www.exim.org/ ##
>



__________________________________
Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway
http://promotions.yahoo.com/design_giveaway/