exim load

Discussion in 'General Discussion' started by linuxgirl, Jun 29, 2007.

  1. linuxgirl

    Hello,


    We are facing too much exim load on the server and are getting the following logs continuously.
    Please let me know whether it is incoming spamming or outgoing -
    ---------------
    2007-06-27 05:36:22 SMTP connection from [83.149.253.243]:2685 I=[216.240.157.23]:25 lost (error: Connection reset by peer)
    2007-06-27 05:36:22 H=(216.240.157.23) [151.23.132.211]:2876 I=[216.240.157.23]:25 F=<info@egeberg.net> rejected RCPT <admin@domainname.com>: Unrouteable address
    2007-06-27 05:36:22 SMTP connection from [77.96.133.247]:3634 I=[216.240.157.23]:25 (TCP/IP connection count = 22)
    2007-06-27 05:36:22 SMTP connection from [59.182.61.223]:1049 I=[216.240.157.23]:25 (TCP/IP connection count = 23)
    2007-06-27 05:36:23 H=(216.240.157.23) [151.23.132.211]:2876 I=[216.240.157.23]:25 F=<info@egeberg.net> rejected RCPT <hr@domainname.com>: Unrouteable address
    2007-06-27 05:36:23 H=(216.240.157.23) [151.23.132.211]:2876 I=[216.240.157.23]:25 F=<info@egeberg.net> rejected RCPT <sale@domainname.com>: Unrouteable address
    2007-06-27 05:36:23 SMTP connection from (localhost.localdomain) [12.104.206.240]:2765 I=[216.240.157.23]:25 closed by QUIT
    2007-06-27 05:36:25 SMTP connection from [62.117.111.26]:42039 I=[216.240.157.23]:25 (TCP/IP connection count = 23)
    2007-06-27 05:36:25 SMTP connection from [62.117.111.26]:42039 I=[216.240.157.23]:25 lost
    2007-06-27 05:36:25 no IP address found for host triband-mum-59.182.61.223.mtnl.net.in (during SMTP connection from (28662044) [59.182.61.223]:1049 I=[216.240.157.23]:25)
    2007-06-27 05:36:26 SMTP connection from [60.214.46.197]:12950 I=[216.240.157.23]:25 (TCP/IP connection count = 23)
    2007-06-27 05:36:26 SMTP connection from [213.251.192.51]:3872 I=[216.240.157.23]:25 (TCP/IP connection count = 24)
    2007-06-27 05:36:26 SMTP connection from [212.27.42.29]:53559 I=[216.240.157.23]:25 (TCP/IP connection count = 25)
    2007-06-27 05:36:26 SMTP call from (Hazari) [59.183.23.65]:1344 I=[216.240.157.23]:25 dropped: too many nonmail commands (last was "RSET")
    2007-06-27 05:36:27 SMTP connection from [218.239.72.37]:2402 I=[216.240.157.23]:25 (TCP/IP connection count = 25)
    2007-06-27 05:36:27 SMTP connection from [89.179.10.250]:1046 I=[216.240.157.23]:25 (TCP/IP connection count = 26)
    -------------------------------------------------------------------------------------------------
    domainname.com = this is the domain name on our server

    How do we resolve the exim load on the server? How do we stop the incoming spamming?
    Also, we have observed that there are many connections to port 110 when we run netstat -n.

    So please guide us and update us with a solution.

    Regards,
    Linuxgirl
     
  2. nickp666

    If you have a firewall, ban the IP: 216.240.157.23

    It's incoming traffic, but it looks as if who/whatever is initiating the connections doesn't know SMTP commands!
     
  3. linuxgirl

    Hello,

    What do you mean by this -

    "who/whatever is initiating the connections doesn't know SMTP commands!"

    Also, the IP you mentioned is our server's IP. Is there any other way?

    Regards,
    Linuxgirl
     
  4. chirpy

    Looks like it's from disparate IP addresses and so looks like either a DDOS attack against your SMTP server, or you've FUBAR'd your exim configuration. You could try upping smtp_accept_max from the default 100 to, say, 200 and see if it helps, although that could just end up causing heavy load on the server without resolving the issue. You can change that value by adding the following line in the WHM > Exim Configuration Editor > Advanced Mode > in the first box:

    smtp_accept_max = 200

    If all the SMTP connections are consumed again, then you probably need to speak to your datacenter and have them help protect your IP address from a DDOS assault.
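
An added example, not part of the original thread: a small Python tally over exim main-log lines like the ones in the first post. In this log format `H=(...)` is the HELO name the client sent, the bracketed address before `I=` is the remote peer, and `I=[...]:25` is the local interface that accepted the connection; the function name `summarize` and the choice of sample lines are assumptions made for this example.

```python
import re
from collections import Counter

# Lines copied from the log excerpt in the first post (a subset).
SAMPLE = """\
2007-06-27 05:36:22 SMTP connection from [83.149.253.243]:2685 I=[216.240.157.23]:25 lost (error: Connection reset by peer)
2007-06-27 05:36:22 H=(216.240.157.23) [151.23.132.211]:2876 I=[216.240.157.23]:25 F=<info@egeberg.net> rejected RCPT <admin@domainname.com>: Unrouteable address
2007-06-27 05:36:22 SMTP connection from [77.96.133.247]:3634 I=[216.240.157.23]:25 (TCP/IP connection count = 22)
2007-06-27 05:36:23 H=(216.240.157.23) [151.23.132.211]:2876 I=[216.240.157.23]:25 F=<info@egeberg.net> rejected RCPT <hr@domainname.com>: Unrouteable address
2007-06-27 05:36:26 SMTP call from (Hazari) [59.183.23.65]:1344 I=[216.240.157.23]:25 dropped: too many nonmail commands (last was "RSET")
2007-06-27 05:36:27 SMTP connection from [89.179.10.250]:1046 I=[216.240.157.23]:25 (TCP/IP connection count = 26)
"""

# "[remote]:port I=[local]:port" -- the peer address sits right before the I= field.
PEER = re.compile(r"\[([\da-fA-F.:]+)\]:\d+ I=\[([\da-fA-F.:]+)\]:(\d+)")
HELO = re.compile(r"(?:H=|from )\(([^)]*)\) \[")
COUNT = re.compile(r"TCP/IP connection count = (\d+)")

def summarize(text, smtp_port="25"):
    """Tally inbound SMTP events per remote peer from exim main-log lines."""
    out = {"peers": Counter(), "rejected_rcpt": Counter(),
           "helo_is_our_ip": set(), "dropped": set(), "peak_count": 0}
    for line in text.splitlines():
        m = PEER.search(line)
        if not m or m.group(3) != smtp_port:
            continue  # not a connection accepted by our SMTP listener
        remote, local = m.group(1), m.group(2)
        out["peers"][remote] += 1
        if " rejected RCPT " in line:
            out["rejected_rcpt"][remote] += 1
        if " dropped: " in line:
            out["dropped"].add(remote)
        helo = HELO.search(line)
        if helo and helo.group(1) == local:
            # Client announced our own interface address as its HELO name.
            out["helo_is_our_ip"].add(remote)
        count = COUNT.search(line)
        if count:
            out["peak_count"] = max(out["peak_count"], int(count.group(1)))
    return out

if __name__ == "__main__":
    result = summarize(SAMPLE)
    print("distinct remote peers:", len(result["peers"]))
    print("rejected RCPT by peer:", dict(result["rejected_rcpt"]))
    print("HELO equals our IP   :", sorted(result["helo_is_our_ip"]))
    print("peak connection count:", result["peak_count"])
```

Many distinct peers each appearing once or twice, together with a rising connection count, is the pattern that points at distributed inbound traffic rather than a single source to block.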
     