cppop not closing connections?

luis

Well-Known Member
Sep 3, 2001
50
0
306
I have this problem, from time to time cppop is failing due to some clients reaching the maximum pop3 connections, when chckservd can't connect (as any other user) it restarts the service cleaning everything, but the problem starts again after a few hours.

At first sight it seems like a customer abusing or a zombie network trying to send spam, but if I

netstat -an|grep 110|awk {'print $5'}|cut -d: -f4|sort|uniq -c

I can get the ips of the "abusing" networks, then I go and

grep "abusingip" maillog

And to my surprise the activity seems completely normal, this last time it was a single user connecting every 5 minutes, something completely normal.
Besides the problem seems to replicate with random customers this time was this customer, last time it was another two different ones...

Monitoring netstat I can see the problem growing slowly, for example, with this last customer at first there were something like 5 connections, about 15 minutes later there was 10 and so on, so this last time:
Code:
[email protected] [/var/log]# netstat -an | grep 189.182.64.50
tcp        0      0 ::ffff:74.55.82.18:110      ::ffff:189.182.64.50:3754   ESTABLISHED 
tcp        0      0 ::ffff:74.55.82.18:110      ::ffff:189.182.64.50:2289   ESTABLISHED 
tcp        0      0 ::ffff:74.55.82.18:110      ::ffff:189.182.64.50:1786   ESTABLISHED 
tcp        0      0 ::ffff:74.55.82.18:110      ::ffff:189.182.64.50:2791   ESTABLISHED 
tcp        0      0 ::ffff:74.55.82.18:110      ::ffff:189.182.64.50:3310   ESTABLISHED 
tcp        0      0 ::ffff:74.55.82.18:110      ::ffff:189.182.64.50:3792   ESTABLISHED 
tcp        0      0 ::ffff:74.55.82.18:110      ::ffff:189.182.64.50:3548   ESTABLISHED 
tcp        0      0 ::ffff:74.55.82.18:110      ::ffff:189.182.64.50:4041   ESTABLISHED 
tcp        0      0 ::ffff:74.55.82.18:110      ::ffff:189.182.64.50:3022   ESTABLISHED 
tcp        0      0 ::ffff:74.55.82.18:110      ::ffff:189.182.64.50:1840   ESTABLISHED 
tcp        0      0 ::ffff:74.55.82.18:110      ::ffff:189.182.64.50:2357   ESTABLISHED 
tcp        0      0 ::ffff:74.55.82.18:110      ::ffff:189.182.64.50:3089   ESTABLISHED 
tcp        0      0 ::ffff:74.55.82.18:110      ::ffff:189.182.64.50:2674   ESTABLISHED 
tcp        0      0 ::ffff:74.55.82.18:110      ::ffff:189.182.64.50:3431   ESTABLISHED 
tcp        0      0 ::ffff:74.55.82.18:110      ::ffff:189.182.64.50:2901   ESTABLISHED 
tcp        0      0 ::ffff:74.55.82.18:110      ::ffff:189.182.64.50:3672   ESTABLISHED 
tcp        0      0 ::ffff:74.55.82.18:110      ::ffff:189.182.64.50:3934   ESTABLISHED 
tcp        0      0 ::ffff:74.55.82.18:110      ::ffff:189.182.64.50:3142   ESTABLISHED 
tcp        0      0 ::ffff:74.55.82.18:110      ::ffff:189.182.64.50:2634   ESTABLISHED 
tcp        0      0 ::ffff:74.55.82.18:110      ::ffff:189.182.64.50:4174   ESTABLISHED
Looks to me as if cppop for some reason is not closing connections properly.

I already went to WHM and upped the maximum total connections to 100 and lowered the maximum connections per IP to 10 but the problem persists.

Any clues?
 

cPanelDavidG

Technical Product Specialist
Nov 29, 2006
11,216
11
313
Houston, TX
cPanel Access Level
Root Administrator
Note, cppop is only used on systems running the mbox format. The mbox format is no longer supported by cPanel/WHM as previously announced at http://blog.cpanel.net/?p=61 and elsewhere.

I recommend converting to maildir as soon as possible to avoid further issues.

Things to keep in mind regarding the maildir conversion:
- This can take anywhere from a few minutes to a couple of days depending on the amount of mail stored on your sever.
- Users will be unable to check their mail during the conversion
- Incoming mail will be queued until the conversion is complete.
- Even if the process seems frozen or stalled, do not terminate the conversion process. This is probably one of the leading causes of failed or incomplete conversions.
- /scripts/convert2maildir is an interactive script. The conversion process will also run in the background so you wont need to worry about maintaining your SSH session.
 

luis

Well-Known Member
Sep 3, 2001
50
0
306
I'm prety sure I did that a long time ago, in fact on my service status it says (exim-4.69-6_cpanel_maildir).

But now you leave me a bit confused, because in WHM in the restart services section it says: POP3 Server (cPPOP) and after the actual restart it says "cppop started ok" but in the logs of /var/log/maillog it says pop3d.

Could you prease clarify this?

The problem persists...
 

cPanelDavidG

Technical Product Specialist
Nov 29, 2006
11,216
11
313
Houston, TX
cPanel Access Level
Root Administrator
I'm prety sure I did that a long time ago, in fact on my service status it says (exim-4.69-6_cpanel_maildir).

But now you leave me a bit confused, because in WHM in the restart services section it says: POP3 Server (cPPOP) and after the actual restart it says "cppop started ok" but in the logs of /var/log/maillog it says pop3d.

Could you prease clarify this?

The problem persists...
Hmm, if you are on maildir, cppop shouldn't be running at all as it's been replaced with Courier.

Please submit a support ticket directly to us regarding this situation so we can have our technical analysts take a look at this for you: http://tickets.cPanel.net/submit
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,607
76
308
cPanel Access Level
Root Administrator
I'm prety sure I did that a long time ago, in fact on my service status it says (exim-4.69-6_cpanel_maildir).

But now you leave me a bit confused, because in WHM in the restart services section it says: POP3 Server (cPPOP) and after the actual restart it says "cppop started ok" but in the logs of /var/log/maillog it says pop3d.

Could you prease clarify this?

The problem persists...
Make certain your cPanel install is up-to-date. You can check the version numbers at http://layer1.cpanel.net for comparison.