The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How do I increase the number of connections for pop3d?

Discussion in 'General Discussion' started by BianchiDude, Nov 9, 2007.

  1. BianchiDude

    BianchiDude Well-Known Member
    PartnerNOC

    Joined:
    Jul 2, 2005
    Messages:
    619
    Likes Received:
    0
    Trophy Points:
    16
    How do I increase the number of connections for pop3d?

    maillog keeps displaying the error:
    pop3d: Maximum connection limit reached for IP.

    TIA
     
  2. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    In WHM -> Service Configuration -> Courier Configuration you can customize these settings :).
     
  3. Alejandro P

    Alejandro P Well-Known Member

    Joined:
    Apr 6, 2007
    Messages:
    53
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    How do I know what values are suitable?,

    I saw it was 40 by default but what happpens if I do increase to 200? how this impact the server performance?

    Thanks
     
  4. Alejandro P

    Alejandro P Well-Known Member

    Joined:
    Apr 6, 2007
    Messages:
    53
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Yesterday I increased the max active connections to 250, now checking my logs found this was not enough

    240 active connections.: 2 Time(s)
    241 active connections.: 1 Time(s)
    242 active connections.: 1 Time(s)
    246 active connections.: 2 Time(s)
    247 active connections.: 2 Time(s)
    248 active connections.: 1 Time(s)
    249 active connections.: 2 Time(s)
    250 maximum active connections.: 17 Time(s)
    35 active connections.: 28 Time(s)
    36 active connections.: 7 Time(s)
    37 active connections.: 11 Time(s)
    38 active connections.: 10 Time(s)
    39 active connections.: 18 Time(s)
    40 maximum active connections.: 61 Time(s)

    Checking active connections I found this

    [root@svr01 input1]# netstat -an|grep 110|awk {'print $5'}|cut -d: -f4|sort|uniq -c
    10 190.24.150.9
    1 190.156.36.161
    1 190.24.251.105
    1 190.40.127.73
    1 200.118.121.132
    1 200.71.57.88
    1 201.244.56.216
    1 201.245.102.20
    1 201.245.245.11
    136 200.93.143.82
    1 65.167.60.86
    21 201.243.13.233
    2 200.69.123.138
    2 200.71.42.71
    2 201.245.40.138
    3 190.144.136.189
    3 190.24.138.106
    4 190.156.165.237
    4 200.107.6.237
    4 201.245.248.74
    5 201.244.234.21
    57 200.75.80.220
    7 201.245.81.9
    97 200.118.126.34

    Most of this connections come from 4 customers having large amounts of email accounts, so I can't block those IPs.

    Any suggestions?
     
  5. jayh38

    jayh38 Well-Known Member

    Joined:
    Mar 3, 2006
    Messages:
    1,215
    Likes Received:
    0
    Trophy Points:
    36
    I think you should find out why they are abusing your system. Massive amounts of email accounts or not, there is no need for perpetual connections like that. I use default of 40 and never had problems even with servers with 600 accounts.

    Some may be logging in every few seconds, you may want to hamper the amount of logins per domain to a set limit per hour.
     
  6. BianchiDude

    BianchiDude Well-Known Member
    PartnerNOC

    Joined:
    Jul 2, 2005
    Messages:
    619
    Likes Received:
    0
    Trophy Points:
    16
    Your customer is either a major corporation in Brazil, or you are getting hit with a DDoS, in the latter case I would block these IPs:
    136 200.93.143.82
    57 200.75.80.220
    97 200.118.126.34
     
  7. Alejandro P

    Alejandro P Well-Known Member

    Joined:
    Apr 6, 2007
    Messages:
    53
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    those ips are from my customers, in fact they have a lot of email accounts but connections are much more than email accounts at least for 200.93.143.82 and 200.118.126.34
     
  8. Alejandro P

    Alejandro P Well-Known Member

    Joined:
    Apr 6, 2007
    Messages:
    53
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Hello, seems this was a DDOS from infected computers on those IPs,
     
  9. Alejandro P

    Alejandro P Well-Known Member

    Joined:
    Apr 6, 2007
    Messages:
    53
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Probably this is a kind of spam opening connections to the server but not sending as described here http://www.exim-users.org/forums/showthread.php?t=55599,

    How do I set this acl rule to see if that solves the problem?

    acl_notquit:
    # Allow anything that's authenticated, from our networks or to
    submit port
    accept authenticated = *
    accept hosts = +relay_hosts
    accept condition = ${if eq {$interface_port}{587}
    {yes}{no}}
    # Rate-limit suspicious connections
    warn condition = ${if match {$smtp_notquit_reason}
    {command} \
    {yes}{no} }
    logwrite = RATELIMIT ${sender_host_address}: \
    $smtp_notquit_reason
    ratelimit = 1 / 1h / per_conn

    Any help greatly appreciated.

    Thanks
     
  10. devilsoulblack

    Joined:
    Mar 27, 2007
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Chile
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    thanks for the information
     
Loading...

Share This Page