Re: [exim] too many connections

Author: Петрачев Олег
To: exim-users
Subject: Re: [exim] too many connections

> I have an exim mail server with the max number of connections set to 150.
> It has been running fine but over the last week or so, I am getting
> large numbers of established smtp connections to my machine even when
> the mail queue is completely clear.

Yes, I also noticed an increasing number of connections to my server for the last
month. I do not know the reason, probably it is just botnets, but all this ends up
with my mail server completely unavailable for senders.

I solved this problem by creating a MySQL database for important events which I get
with log parsing. I add events like reject mail session by incorrect HELO/EHLO,
deny connection by blacklist or unexpected disconnection without QUIT.

For an IP that meets these events too often (i.e. 5 invalid HELO for last 2 hours) I
simply create a record in my firewall table for time intervals between 15 minutes
and 2 hours. This way my mail server does not lose available connections serving
hosts it will not receive messages from anyway.

I also check if connecting host has dialup or dynamic IP or has reverse resolving
problems. And if there are more than MAX_CONNECTIONS/2 connections at this moment
(use $smtp_count_at_connection_start), I temporarily defer connections from these
hosts. Too active hosts with dynamic IP or resolving problems also get into bad
events database, continuing in the firewall table.

Usually there are from 3000 to 7000 IP addresses in my firewall blocking table,
depending on time of the day. Mail servers work much better from this change,
delays with delivering mail to my mail system are gone.

Oleg Petrachev // cronfy
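
The log-driven blocking described in this message, as an added example that is not part of the original post and not the poster's code: it counts bad events per IP over the last 2 hours and returns a block duration for each IP at or above 5 events. The log patterns, the sample lines and the way the block length scales between 15 minutes and 2 hours are assumptions, and the result would still have to be fed to a firewall table by whatever tool manages it.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime, timedelta

# Assumed markers for the three event types named in the message; adapt to your log text.
BAD_EVENT = re.compile(r"rejected (?:EHLO|HELO)|blacklist|unexpected disconnection", re.I)
STAMP = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ")
WINDOW = timedelta(hours=2)                 # look-back period from the message
THRESHOLD = 5                               # events per window before blocking
MIN_BLOCK, MAX_BLOCK = 15 * 60, 2 * 3600    # block length bounds, in seconds

def first_ip(line):
    """Return the first bracketed token that is a real IP (skips e.g. a [pid] field)."""
    for tok in re.findall(r"\[([0-9A-Fa-f.:]+)\]", line):
        try:
            return str(ipaddress.ip_address(tok))
        except ValueError:
            continue
    return None

def bad_event(line):
    """Return (timestamp, ip) for a line recording a bad event, else None."""
    m = STAMP.match(line)
    ip = first_ip(line)
    if not (m and ip and BAD_EVENT.search(line)):
        return None
    return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), ip

def blocks(lines, now):
    """Map each offending IP to a block duration in seconds."""
    hits = Counter()
    for ts, ip in filter(None, map(bad_event, lines)):
        if timedelta(0) <= now - ts <= WINDOW:
            hits[ip] += 1
    # Assumed scaling: 15 min at the threshold, doubling per further multiple, capped at 2 h.
    return {ip: min(MAX_BLOCK, MIN_BLOCK * 2 ** (n // THRESHOLD - 1))
            for ip, n in hits.items() if n >= THRESHOLD}

def sample_log():
    """Constructed lines, loosely modelled on Exim main-log entries."""
    helo = "2024-05-01 {} H=(x) [{}] rejected EHLO or HELO x: invalid HELO"
    drop = "2024-05-01 {} [4242] unexpected disconnection while reading SMTP command from [{}]"
    return ([helo.format("08:30:00", "203.0.113.7")]                          # outside window
            + [helo.format(f"11:{m:02d}:00", "203.0.113.7") for m in range(6)]
            + [drop.format(f"11:{m:02d}:30", "192.0.2.44") for m in range(10)]
            + [helo.format(f"11:4{m}:00", "198.51.100.9") for m in range(2)])

if __name__ == "__main__":
    for ip, secs in blocks(sample_log(), datetime(2024, 5, 1, 12, 0, 0)).items():
        print(f"block {ip} for {secs // 60} min")
```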