LinkBack URL
About LinkBacksHow do I increase the number of connections for pop3d?
maillog keeps displaying the error:
pop3d: Maximum connection limit reached for IP.
TIA
How do I increase the number of connections for pop3d?
How do I increase the number of connections for pop3d?
maillog keeps displaying the error:
pop3d: Maximum connection limit reached for IP.
TIA
In WHM -> Service Configuration -> Courier Configuration you can customize these settingsOriginally Posted by BianchiDude
.
How do I know what values are suitable?,
I saw it was 40 by default but what happpens if I do increase to 200? how this impact the server performance?
Thanks
Yesterday I increased the max active connections to 250, now checking my logs found this was not enough
240 active connections.: 2 Time(s)
241 active connections.: 1 Time(s)
242 active connections.: 1 Time(s)
246 active connections.: 2 Time(s)
247 active connections.: 2 Time(s)
248 active connections.: 1 Time(s)
249 active connections.: 2 Time(s)
250 maximum active connections.: 17 Time(s)
35 active connections.: 28 Time(s)
36 active connections.: 7 Time(s)
37 active connections.: 11 Time(s)
38 active connections.: 10 Time(s)
39 active connections.: 18 Time(s)
40 maximum active connections.: 61 Time(s)
Checking active connections I found this
[root@svr01 input1]# netstat -an|grep 110|awk {'print $5'}|cut -d: -f4|sort|uniq -c
10 190.24.150.9
1 190.156.36.161
1 190.24.251.105
1 190.40.127.73
1 200.118.121.132
1 200.71.57.88
1 201.244.56.216
1 201.245.102.20
1 201.245.245.11
136 200.93.143.82
1 65.167.60.86
21 201.243.13.233
2 200.69.123.138
2 200.71.42.71
2 201.245.40.138
3 190.144.136.189
3 190.24.138.106
4 190.156.165.237
4 200.107.6.237
4 201.245.248.74
5 201.244.234.21
57 200.75.80.220
7 201.245.81.9
97 200.118.126.34
Most of this connections come from 4 customers having large amounts of email accounts, so I can't block those IPs.
Any suggestions?
I think you should find out why they are abusing your system. Massive amounts of email accounts or not, there is no need for perpetual connections like that. I use default of 40 and never had problems even with servers with 600 accounts.
Some may be logging in every few seconds, you may want to hamper the amount of logins per domain to a set limit per hour.
Your customer is either a major corporation in Brazil, or you are getting hit with a DDoS, in the latter case I would block these IPs:
136 200.93.143.82
57 200.75.80.220
97 200.118.126.34
those ips are from my customers, in fact they have a lot of email accounts but connections are much more than email accounts at least for 200.93.143.82 and 200.118.126.34
Hello, seems this was a DDOS from infected computers on those IPs,
Probably this is a kind of spam opening connections to the server but not sending as described here http://www.exim-users.org/forums/showthread.php?t=55599,
How do I set this acl rule to see if that solves the problem?
acl_notquit:
# Allow anything that's authenticated, from our networks or to
submit port
accept authenticated = *
accept hosts = +relay_hosts
accept condition = ${if eq {$interface_port}{587}
{yes}{no}}
# Rate-limit suspicious connections
warn condition = ${if match {$smtp_notquit_reason}
{command} \
{yes}{no} }
logwrite = RATELIMIT ${sender_host_address}: \
$smtp_notquit_reason
ratelimit = 1 / 1h / per_conn
Any help greatly appreciated.
Thanks
thanks for the informationIn WHM -> Service Configuration -> Courier Configuration you can customize these settings
Alfredo Andaluz Prado
Ihostmarket "Advanced Hosting Solutions"
IHM
Reply With Quote