Autor: Tim Jackson Data: A: exim-users Assumpte: Re: [exim] Connection refused: too many connections - why?
Jürgen Herz wrote:
> after few days running flawlessly, exim suddenly decides to fail.
> I then find hundreds of
> Connection from [some address] refused: too many connections
> in the log file and 20 instances of exim running but idling.
How do you know they were idling? What did "exiwhat" show?
> And the log also doesn't show connection attempts right before the error
> lines start.
Have you got this logging turned on?
Typically this thing happens when a/some spammer(s) decide to suddenly
open a load of connections. I've seen the same thing with distributed
attacks where a load of different (but clearly controlled-together)
machines connect. Sometimes (for whatever reason) they hold the
connections open, apparently not doing much, for quite a while.
Limiting the number of connections per host to a small percentage of
your available connections may help, although not in the case of a
distributed attack as above.