Author: Tim Jackson Date: To: exim-users Subject: Re: [exim] Re: Connection refused: too many connections - why?
Jürgen Herz wrote:
> exiwhat says "handling incoming connection from smtp-send.myrealbox.com
> [151.155.5.143]". With idling I meant they don't consume CPU time.
If you had a whole stack of entries like this, for an extended period of
time, this would imply that myrealbox.com has opened a load of
connections to send mail to you, but those connections are hanging for
some reason. It could be their end, in which case they're not being
particularly friendly, or it might be yours (have you got connection
delays or anything? DNS lookups?)
> This "hang" just happened again last night after only a few hours this
> time. But since questionable connections being handled by all those
> processes are from Myrealbox, I don't think it's a selective DOS. It's
> just that I instructed Myrealbox to CC the server Exim is running on for
> every incoming message.
OK, so you know who the connections are coming from and they're
"friendly". That's good.
>>Limiting the number of connections per host to a small percentage of
>>your available connections may help, although not in the case of a
>>distributed attack as above.
> I'll monitor this with the advanced logging.
What I described above would be excellent for this circumstance,
assuming that all the myrealbox.com connections come from the same IP.
It won't stop you getting your mail but it will stop myrealbox.com
eating all your available connections.
