exim "too many connections" ..how to block in iptables?

Discussion in 'General Discussion' started by firebit, Apr 25, 2006.

  1. firebit

    Lately I'm getting way too many errors like these in my exim_mainlog:

    2006-04-25 06:31:03 Connection from [82.253.87.242] refused: too many connections
    2006-04-25 06:31:03 Connection from [151.38.243.112] refused: too many connections
    2006-04-25 06:31:05 Connection from [81.44.111.148] refused: too many connections
    2006-04-25 06:31:06 Connection from [201.254.157.130] refused: too many connections
    2006-04-25 06:31:08 Connection from [165.165.237.38] refused: too many connections
    2006-04-25 06:31:08 Connection from [217.132.36.246] refused: too many connections

    Is there any way to automatically block these through iptables? Or is there any script available?
     
  2. WebViper

    kernel upgrade ?

    I spoke with BobCares and they said that there is no way a kernel upgrade would solve this issue. If any other people resolved this issue with a kernel upgrade, please post it!

    Again, if any other people resolved this issue with a kernel upgrade, please post it!

    The stuff Nick and cPanel did did not resolve our issue as we thought!
     
  3. ivankovalenko

    Guys, the lines mentioned above mean that exim can't accept connections from the hosts in square brackets because it has already reached smtp_max_connect. Those hosts are not necessarily evil. Maybe some other IP has smtp'ed your exim up. So you'd better check the smtp_accept_max_per_host setting, which limits incoming SMTP connections from a host.

    Also, you should use your iptables filter to the full. Check incoming SYN packets on port 25 and limit them to some reasonable value (man iptables). And so on...
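
An added example (not posted by anyone in the thread) of the distinction drawn in the post above: it tallies the "too many connections" refusal lines per source IP and reports only sources refused repeatedly within a short window, so one-off bystanders are not treated as blocking candidates. The sample log is constructed with documentation addresses, and the function names, 60-second window and threshold of 3 are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the exim_mainlog format quoted in the thread.
# Addresses come from documentation ranges (RFC 5737), not real hosts.
SAMPLE_LOG = """\
2006-04-25 06:31:03 Connection from [192.0.2.10] refused: too many connections
2006-04-25 06:31:03 Connection from [198.51.100.7] refused: too many connections
2006-04-25 06:31:05 Connection from [192.0.2.10] refused: too many connections
2006-04-25 06:31:06 Connection from [203.0.113.5] refused: too many connections
2006-04-25 06:31:08 Connection from [192.0.2.10] refused: too many connections
2006-04-25 06:31:40 Connection from [192.0.2.10] refused: too many connections
2006-04-25 06:45:00 Connection from [203.0.113.5] refused: too many connections
2006-04-25 06:45:01 unrelated log line (constructed)
"""

# Matches only the refusal form shown in the thread.
REFUSED = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) Connection from \[([^\]]+)\] "
    r"refused: too many connections$")

def parse_refusals(text):
    """Yield (timestamp, ip) for each refusal line; skip everything else."""
    for line in text.splitlines():
        m = REFUSED.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)

def repeat_sources(text, window=timedelta(seconds=60), threshold=3):
    """Return {ip: peak refusals inside any sliding window} for sources
    that reach the threshold. Sources below it are left alone."""
    by_ip = {}
    for ts, ip in parse_refusals(text):
        by_ip.setdefault(ip, []).append(ts)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        best = start = 0
        for end in range(len(stamps)):
            # Shrink the window from the left until it spans <= `window`.
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged

if __name__ == "__main__":
    for ip, peak in sorted(repeat_sources(SAMPLE_LOG).items()):
        print(f"{ip}: {peak} refusals within 60s")
```

A refusal line only shows who was turned away after the limit was hit, so the output is a list to review against the connections actually held open, not a ready-made block list.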
     
  4. chirpy

    Indeed. I'm not sure if the second poster is in the wrong thread, since this has nothing to do with the kernel. Your exim connections are being flooded and you need to curtail them as ivankovalenko suggests, or have a trawl over at www.exim.org. Also, make sure that you're not using any exim ACLs that use the delay command, which can also make this happen.
     
  5. mctDarren

    I believe Brute Force Detector (BFD) scans port 25 connections now and will block accordingly. Have a look here and see if you can install it (and APF too if feasible).
     
  6. IPSecureNetwork

    exim attack

    Uhmm, maybe you are under some kind of attack with a botnet against port 25.
    If you use apf and you do not have customers with the CIDR connected to port 25, just block them with apf -d 151.0.0.0/8, for example, or if you want to be a little more specific, make this kind of ban: apf -d 151.38.0.0/8
     