Re: [exim] smtp_accept_max_per_host

Góra strony
Delete this message
Reply to this message
Autor: Oliver von Bueren
Data:  
Dla: exim-users
Temat: Re: [exim] smtp_accept_max_per_host
Hi Randy

Randy Bush wrote:
> i am being smtp flooded from numerous sources.
>
> i have
>
>     smtp_accept_max_per_host = 4

>
> yet
>
>     netstat -nf inet \
>     |  awk '$4 ~ /\.25$/ {split($5, a, "[.]"); print a[1]"."a[2]"."a[3]"."a[4]}' \
>     | sort | uniq -c | sort -nr | awk '$1 > 1' | head -4

>
> shows
>
> 19 78.3.64.138
> 14 125.25.31.62
> 10 58.186.134.147
> 10 123.19.248.195
>
> so clearly i am not understanding something. clue bat, please.
>

I assume you run exim as a daemon and not from inetd, otherwise I think
this does not work.
Further more, do you see the log file showing the rejected connections like

2007-11-10 02:06:30 Connection from [xx.xx.xx.xx] refused: too many connections from that IP address


If yes, you probably just count not only the connections in ESTABLISHED
state but also in TIME_WAIT, FIN_WAIT_2, etc...

Try this: netstat -nf inet $* | grep -v " $" | grep -v "LISTEN$"
to display all connections except the listening ones, about the quick
check of what is on inbound wise.

Oliver