Too many connections to SMTP server in exim_mainlog. How to solve it?
It is a cPanel server, and from /var/log/exim_mainlog I can see that there are too many connections to the server. Mostly the number of active connections will be less than 25. But even after increasing the maximum connections from 100 to 150, we are still getting the too many connections problem.
2016-03-11 15:33:24 Connection from [216.113.172.65]:59122 refused: too many connections
2016-03-11 15:33:25 Connection from [216.158.225.200]:44107 refused: too many connections
2016-03-11 15:33:25 Connection from [213.61.222.76]:53953 refused: too many connections
2016-03-11 15:33:27 Connection from [46.23.76.98]:42336 refused: too many connections
2016-03-11 15:33:27 Connection from [91.194.248.147]:37566 refused: too many connections
Looks like the SMTP server is kind of under attack, or something like slowloris.
How can I solve this problem?
Open relay is not allowed on the server. We have verified it.
centos smtp mailx exim cpanel
asked Mar 11 '16 at 10:08
ManiMani
1 Answer
I asked this question, and as we have solved the problem, I want to answer it so that it helps someone. It was a very rare issue and it was difficult to find the root cause, though the problem is simple.
When we got too many connections from various IP addresses, we thought that it could be a DDoS. After analyzing the connections, we found out that all of them were coming from legitimate websites such as LinkedIn, Google, Facebook, and so on.
We also thought that there could be a problem with the eth0 or eth1 port, but actually there was not.
After one day of debugging, we found out that there was a problem in the MTU (max transfer unit) of the TCP/IP packets. The SMTP server all of a sudden started rejecting all packets above size 1457. Most of the packets coming to the SMTP server are 1500 in size. As these packets didn't reach the SMTP server, the other servers kept trying to deliver the mails again and again.
We verified the problem with ping "IP Addr" -l 1472
The actual problem was with some ISP: in some network hub, packets above 1457 bytes were rejected.
ping -s 1472 localhost (linux)
(28 bytes for ICMP header and the remaining are payload)
answered Mar 18 '16 at 5:15
ManiMani
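The ping check in the answer above can be turned into a search for the exact size at which a path starts dropping packets. This is an added example, not part of the original answer; it assumes Linux iputils ping (`-M do` sets Don't Fragment), and the function names `probe`, `max_payload` and `path_mtu` are hypothetical.

```shell
#!/bin/sh
# Added example: find the largest ICMP payload that crosses a path
# unfragmented, to confirm an MTU black hole like the one described above.

# probe HOST SIZE: succeeds if one echo request carrying SIZE payload bytes,
# sent with Don't Fragment set, gets a reply within 2 seconds.
probe() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# max_payload HOST [LOW] [HIGH]: binary search for the largest payload size
# in LOW..HIGH that passes. Fails if even LOW gets no reply (host down or
# ICMP filtered), because the result would then say nothing about the MTU.
max_payload() (
    host=$1 lo=${2:-0} hi=${3:-1472}
    probe "$host" "$lo" || exit 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
)

# path_mtu HOST: payload plus 28 bytes (20-byte IPv4 header + 8-byte ICMP
# header) gives the largest IP packet the path carries unfragmented.
path_mtu() (
    p=$(max_payload "$1") || exit 1
    echo $(( p + 28 ))
)

# Command-line use: sh pmtu.sh <remote-host>
if [ -n "${1:-}" ]; then
    if mtu=$(path_mtu "$1"); then
        echo "largest unfragmented packet to $1: $mtu bytes"
        if [ "$mtu" -lt 1500 ]; then
            echo "path MTU is below 1500: full-size SMTP segments may be dropped"
        fi
    else
        echo "no reply from $1 even for small packets" >&2
        exit 1
    fi
fi
```

Run it against a remote sender rather than localhost, since the loopback interface never crosses the hop that is dropping large packets.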