SMTP making too much connection

[hasnisyed]

Hello, Recently my server got suspended by the my VPS provider here is the reason they suspend it

List of processes running on VPS 5136
**********************************************
24944      httpd            /usr/local/apache/bin/httpd -k start -DSSL
60439      httpd            /usr/local/apache/bin/httpd -k start -DSSL
73386      httpd            /usr/local/apache/bin/httpd -k start -DSSL
90976      exim            /usr/sbin/exim -q
257719    perl            /usr/local/cpanel/3rdparty/bin/perl -x --
/usr/local/assp/assp.pl /usr/local/assp
298348    init            init
298352    kthreadd/5136   
298353    khelper/5136   
298964    udevd            /sbin/udevd -d
302386    rsyslogd        /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
302598    named            /usr/sbin/named -u named
302921    nscd            /usr/sbin/nscd
303029    sshd            /usr/sbin/sshd
311573    mysqld_safe      /bin/sh /usr/bin/mysqld_safe
--datadir=/var/lib/mysql --pid-file=/var/lib/mysql/servercp.vchatx.com.pid
311729    mysqld          /usr/sbin/mysqld --basedir=/usr
--datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --user=mysql
--log-error=/var/lib/mysql/servercp.vchatx.com.err --open-files-limit=10000
--pid-file=/var/lib/mysql/servercp.vchatx.com.pid
316810    httpd            /usr/local/apache/bin/httpd -k start -DSSL
316827    nginx            nginx: master process /usr/sbin/nginx -c
/etc/nginx/nginx.conf
316828    nginx            nginx: worker process
316829    nginx            nginx: worker process
316830    nginx            nginx: cache manager process
316841    pure-uploadscri  /usr/sbin/pure-uploadscript -B -r
/usr/share/ilabs_antimalware/pure-ftpd-inspector.php
316874    pure-ftpd        pure-ftpd (SERVER)
316876    pure-authd      /usr/sbin/pure-authd -s /var/run/ftpd.sock -r
/usr/local/cpanel/bin/pureauth
316887    crond            crond
316946    atd              /usr/sbin/atd
317064    /usr/local/cpan  /usr/local/cpanel/3rdparty/perl/514/sbin/munin-node
318117    cpsrvd (SSL) -  cpsrvd (SSL) - waiting f --llu=1455603762
--listen=10,11,4,5,6,7,8,9
319049    mingetty        /sbin/mingetty console
319050    mingetty        /sbin/mingetty tty2
395906    exim            /usr/sbin/exim -q
403545    ssl-params      dovecot/ssl-params
405107    dovecot          /usr/sbin/dovecot
405112    pop3-login      dovecot/pop3-login
405113    imap-login      dovecot/imap-login
405114    anvil            dovecot/anvil
405115    log              dovecot/log
405118    pop3-login      dovecot/pop3-login
405120    imap-login      dovecot/imap-login
405121    config          dovecot/config
411010    queueprocd - wa  queueprocd - wait to process a task
411077    cpanel_php_fpm  php-fpm: master process
(/usr/local/cpanel/etc/php-fpm.conf)
411087    cPhulkd - proce  cPhulkd - processor
411154    cpdavd - accept  cpdavd - accepting connections on 2077, 2078, 2079,
and 2080
411169    cpanellogd - sl  cpanellogd - sleeping for logs
417200    /usr/local/assp  /usr/local/assp/scripts/assplocalemails
417381    tailwatchd      tailwatchd
417819    exim            /usr/sbin/exim -bd -q60m -oP
/var/spool/exim/exim-daemon.pid
446841    clamd            /usr/local/cpanel/3rdparty/bin/clamd
459941    perl            /usr/local/cpanel/3rdparty/bin/perl -x --
/usr/local/assp/scripts/asspcheck
496382    lfd - sleeping  lfd - sleeping
569907    auth            dovecot/auth
683330    leechprotect    /usr/local/cpanel/3rdparty/bin/perl
/usr/local/cpanel/bin/leechprotect
683332    httpd            /usr/local/apache/bin/httpd -k start -DSSL
683333    httpd            /usr/local/apache/bin/httpd -k start -DSSL
683334    httpd            /usr/local/apache/bin/httpd -k start -DSSL
683335    httpd            /usr/local/apache/bin/httpd -k start -DSSL
690195    httpd            /usr/local/apache/bin/httpd -k start -DSSL
704045    httpd            /usr/local/apache/bin/httpd -k start -DSSL
707768    httpd            /usr/local/apache/bin/httpd -k start -DSSL
711376    httpd            /usr/local/apache/bin/httpd -k start -DSSL
712504    httpd            /usr/local/apache/bin/httpd -k start -DSSL
714463    exim            /usr/sbin/sendmail -t -i
[email protected]
714696    crond            CROND
714734    munin-cron      /bin/sh
/usr/local/cpanel/3rdparty/perl/514/bin/munin-cron
714992    exim            /usr/sbin/sendmail -t -i
[email protected]
715097    munin-update    /usr/local/cpanel/3rdparty/perl/514/bin/perl
/usr/local/cpanel/3rdparty/share/munin/munin-update
715145    exim            /usr/sbin/sendmail -t -i
[email protected]
715552    exim            /usr/sbin/sendmail -t -i
[email protected]
715772    /usr/local/cpan  /usr/local/cpanel/3rdparty/share/munin/munin-update
[Munin::Master::UpdateWorker<vchatx.com;servercp.vchatx.com>]
715821    /usr/local/cpan  /usr/local/cpanel/3rdparty/perl/514/sbin/munin-node
[::ffff:127.0.0.1]
716657    exim            /usr/sbin/sendmail -t -i
[email protected]
716681    exim            /usr/sbin/sendmail -t -i
[email protected]
716746    exim            /usr/sbin/exim -bd -q60m -oP
/var/spool/exim/exim-daemon.pid
717210    exim            /usr/sbin/sendmail -t -i
[email protected]
717714    exim_mailqueue  /bin/sh /etc/munin/plugins/exim_mailqueue
717717    exiqgrep        /usr/local/cpanel/3rdparty/perl/514/bin/perl
/usr/sbin/exiqgrep -cz
717718    awk              awk
  BEGIN { frozen=mails="U"; }
  /[0-9]+ matches out of [0-9]+ messages/ { frozen=$1; mails=($5-$1); }
  END { printf("frozen.value %s\nmails.value %s\n",frozen,mails); }
717774    exim            /usr/sbin/exim -bpu
717819    exim            /usr/sbin/exim -q
717827    exim            /usr/sbin/exim -q
717841    exim            /usr/sbin/exim -q
717863    exim            /usr/sbin/exim -q
717894    exim            /usr/sbin/exim -q
717897    exim            /usr/sbin/exim -q
819562    exim            /usr/sbin/exim -q


**********************************************
First 285 lines from conntrack table (truncated)
**********************************************
ipv4    2 tcp      6 80 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=57603
dport=125 src=127.0.0.1 dst=127.0.0.1 sport=125 dport=57603 [ASSURED] mark=0
secmark=0 use=2
ipv4    2 tcp      6 55 TIME_WAIT src=192.241.117.180 dst=192.241.117.180
sport=36535 dport=8080 src=192.241.117.180 dst=192.241.117.180 sport=8080
dport=36535 [ASSURED] mark=0 secmark=0 use=2
ipv4    2 tcp      6 8 CLOSE src=192.241.117.180 dst=98.138.112.32 sport=34266
dport=25 src=98.138.112.32 dst=192.241.117.180 sport=25 dport=34266 [ASSURED]
mark=0 secmark=0 use=2
ipv4    2 tcp      6 111 TIME_WAIT src=192.241.117.180 dst=63.250.192.46
sport=58618 dport=25 src=63.250.192.46 dst=192.241.117.180 sport=25 dport=58618
[ASSURED] mark=0 secmark=0 use=2
ipv4    2 tcp      6 119 TIME_WAIT src=192.241.117.180 dst=98.136.217.203
sport=43015 dport=25 src=98.136.217.203 dst=192.241.117.180 sport=25
dport=43015
[ASSURED] mark=0 secmark=0 use=2
ipv4    2 tcp      6 8 CLOSE src=192.241.117.180 dst=98.138.112.35 sport=37136
dport=25 src=98.138.112.35 dst=192.241.117.180 sport=25 dport=37136 [ASSURED]
mark=0 secmark=0 use=2
ipv4    2 udp      17 4 src=192.241.117.180 dst=8.8.8.8 sport=33364 dport=53
src=8.8.8.8 dst=192.241.117.180 sport=53 dport=33364 mark=0 secmark=0 use=2
ipv4    2 udp      17 13 src=192.241.117.180 dst=8.8.8.8 sport=48727 dport=53
src=8.8.8.8 dst=192.241.117.180 sport=53 dport=48727 mark=0 secmark=0 use=2
ipv4    2 udp      17 22 src=192.241.117.180 dst=8.8.8.8 sport=52739 dport=53
src=8.8.8.8 dst=192.241.117.180 sport=53 dport=52739 mark=0 secmark=0 use=2
ipv4    2 udp      17 14 src=192.241.117.180 dst=8.8.8.8 sport=42200 dport=53
src=8.8.8.8 dst=192.241.117.180 sport=53 dport=42200 mark=0 secmark=0 use=2
ipv4    2 tcp      6 53 TIME_WAIT src=192.241.117.180 dst=192.241.117.180
sport=36490 dport=8080 src=192.241.117.180 dst=192.241.117.180 sport=8080
dport=36490 [ASSURED] mark=0 secmark=0 use=2
ipv4    2 tcp      6 53 TIME_WAIT src=192.241.117.180 dst=192.241.117.180
sport=36492 dport=8080 src=192.241.117.180 dst=192.241.117.180 sport=8080
dport=36492 [ASSURED] mark=0 secmark=0 use=2
ipv4    2 tcp      6 105 TIME_WAIT src=192.241.117.180 dst=66.196.118.36
sport=56945 dport=25 src=66.196.118.36 dst=192.241.117.180 sport=25 dport=56945
[ASSURED] mark=0 secmark=0 use=2
ipv4    2 tcp      6 104 TIME_WAIT src=192.241.117.180 dst=98.138.112.37
sport=38269 dport=25 src=98.138.112.37 dst=192.241.117.180 sport=25 dport=38269
[ASSURED] mark=0 secmark=0 use=2
ipv4    2 udp      17 73 src=192.241.117.180 dst=8.8.8.8 sport=46364 dport=53
src=8.8.8.8 dst=192.241.117.180 sport=53 dport=46364 [ASSURED] mark=0 secmark=0
use=2
ipv4    2 tcp      6 119 TIME_WAIT src=192.241.117.180 dst=98.138.112.35
sport=33353 dport=25 src=98.138.112.35 dst=192.241.117.180 sport=25 dport=33353
[ASSURED] mark=0 secmark=0 use=2
ipv4    2 tcp      6 299 ESTABLISHED src=192.241.117.180 dst=98.136.217.202
sport=54805 dport=25 src=98.136.217.202 dst=192.241.117.180 sport=25
dport=54805
[ASSURED] mark=0 secmark=0 use=2
ipv4    2 udp      17 1 src=192.241.117.180 dst=8.8.8.8 sport=57000 dport=53
src=8.8.8.8 dst=192.241.117.180 sport=53 dport=57000 mark=0 secmark=0 use=2
ipv4    2 udp      17 0 src=192.241.117.180 dst=8.8.8.8 sport=41731 dport=53
src=8.8.8.8 dst=192.241.117.180 sport=53 dport=41731 mark=0 secmark=0 use=2
ipv4    2 udp      17 3 src=192.241.117.180 dst=8.8.8.8 sport=53737 dport=53
src=8.8.8.8 dst=192.241.117.180 sport=53 dport=53737 mark=0 secmark=0 use=2
ipv4    2 udp      17 17 src=192.241.117.180 dst=8.8.8.8 sport=60645 dport=53
src=8.8.8.8 dst=192.241.117.180 sport=53 dport=60645 mark=0 secmark=0 use=2
ipv4    2 tcp      6 53 TIME_WAIT src=192.241.117.180 dst=192.241.117.180
sport=36466 dport=8080 src=192.241.117.180 dst=192.241.117.180 sport=8080
dport=36466 [ASSURED] mark=0 secmark=0 use=2
ipv4    2 tcp      6 49 TIME_WAIT src=192.241.117.180 dst=192.241.117.180
sport=36410 dport=8080 src=192.241.117.180 dst=192.241.117.180 sport=8080
dport=36410 [ASSURED] mark=0 secmark=0 use=2
ipv4    2 tcp      6 53 TIME_WAIT src=192.241.117.180 dst=192.241.117.180
sport=36470 dport=8080 src=192.241.117.180 dst=192.241.117.180 sport=8080
dport=36470 [ASSURED] mark=0 secmark=0 use=2
ipv4    2 udp      17 172 src=192.241.117.180 dst=8.8.8.8 sport=43729 dport=53
src=8.8.8.8 dst=192.241.117.180 sport=53 dport=43729 [ASSURED] mark=0 secmark=0
use=2
ipv4    2 tcp      6 58 TIME_WAIT src=192.241.117.180 dst=192.241.117.180
sport=36554 dport=8080 src=192.241.117.180 dst=192.241.117.180 sport=8080
dport=36554 [ASSURED] mark=0 secmark=0 use=2
ipv4    2 tcp      6 116 TIME_WAIT src=192.241.117.180 dst=192.241.117.180
sport=37043 dport=8080 src=192.241.117.180 dst=192.241.117.180 sport=8080
dport=37043 [ASSURED] mark=0 secmark=0 use=2
ipv4    2 udp      17 115 src=192.241.117.180 dst=8.8.8.8 sport=41641 dport=53
src=8.8.8.8 dst=192.241.117.180 sport=53 dport=41641 [ASSURED] mark=0 secmark=0
use=2
ipv4    2 tcp      6 115 TIME_WAIT src=192.241.117.180 dst=192.241.117.180
sport=36974 dport=8080 src=192.241.117.180 dst=192.241.117.180 sport=8080
dport=36974 [ASSURED] mark=0 secmark=0 use=2
ipv4    2 udp      17 19 src=192.241.117.180 dst=8.8.8.8 sport=49802 dport=53
src=8.8.8.8 dst=192.241.117.180 sport=53 dport=49802 mark=0 secmark=0 use=2
ipv4    2 udp      17 18 src=192.241.117.180 dst=8.8.8.8 sport=38116 dport=53
src=8.8.8.8 dst=192.241.117.180 sport=53 dport=38116 mark=0 secmark=0 use=2
ipv4    2 udp      17 14 src=192.241.117.180 dst=8.8.8.8 sport=40950 dport=53
src=8.8.8.8 dst=192.241.117.180 sport=53 dport=40950 mark=0 secmark=0 use=2
ipv4    2 tcp      6 111 TIME_WAIT src=192.241.117.180 dst=98.136.216.25
sport=40822 dport=25 src=98.136.216.25 dst=192.241.117.180 sport=25 dport=40822
[ASSURED] mark=0 secmark=0 use=2
ipv4    2 udp      17 0 src=192.241.117.180 dst=8.8.8.8 sport=54081 dport=53
src=8.8.8.8 dst=192.241.117.180 sport=53 dport=54081 mark=0 secmark=0 use=2
ipv4    2 tcp      6 116 TIME_WAIT src=192.241.117.180 dst=98.138.112.35
sport=34359 dport=25 src=98.138.112.35 dst=192.241.117.180 sport=25 dport=34359
[ASSURED] mark=0 secmark=0 use=2
ipv4    2 tcp      6 112 TIME_WAIT src=192.241.117.180 dst=66.196.118.36
sport=46888 dport=25 src=66.196.118.36 dst=192.241.117.180 sport=25 dport=46888
[ASSURED] mark=0 secmark=0 use=2
ipv4    2 tcp      6 115 TIME_WAIT src=192.241.117.180 dst=192.241.117.180
sport=36967 dport=8080 src=192.241.117.180 dst=192.241.117.180 sport=8080
dport=36967 [ASSURED] mark=0 secmark=0 use=2
ipv4    2 tcp      6 119 TIME_WAIT src=192.241.117.180 dst=66.196.118.33
sport=42449 dport=25 src=66.196.118.33 dst=192.241.117.180 sport=25 dport=42449
[ASSURED] mark=0 secmark=0 use=2
ipv4    2 tcp      6 110 TIME_WAIT src=192.241.117.180 dst=98.136.217.203
sport=45089 dport=25 src=98.136.217.203 dst=192.241.117.180 sport=25
dport=45089
[ASSURED] mark=0 secmark=0 use=2
ipv4    2 tcp      6 49 TIME_WAIT src=192.241.117.180 dst=192.241.117.180
sport=36395 dport=8080 src=192.241.117.180 dst=192.241.117.180 sport=8080
dport=36395 [ASSURED] mark=0 secmark=0 use=2
ipv4    2 tcp      6 118 TIME_WAIT src=192.241.117.180 dst=66.196.118.240
sport=56287 dport=25 src=66.196.118.240 dst=192.241.117.180 sport=25
dport=56287
[ASSURED] mark=0 secmark=0 use=2
ipv4    2 tcp      6 112 TIME_WAIT src=192.241.117.180 dst=63.250.192.45
sport=33701 dport=25 src=63.250.192.45 dst=192.241.117.180 sport=25 dport=33701
[ASSURED] mark=0 secmark=0 use=2
ipv4    2 udp      17 19 src=192.241.117.180 dst=8.8.8.8 sport=55699 dport=53
src=8.8.8.8 dst=192.241.117.180 sport=53 dport=55699 mark=0 secmark=0 use=2
ipv4    2 udp      17 3 src=192.241.117.180 dst=8.8.8.8 sport=59653 dport=53
--

Anyone can help me how to resolve this ?

 

[cPanelMichael]

Hello

The following document is a good place to start:

How to Prevent Email Abuse - cPanel Knowledge Base - cPanel Documentation

Thank you.