SPAMd / EXIM fails frequently... Any solutions?

ramcjbin

Hi,

Hundreds of processes like the ones shown below cause SPAMd / EXIM to crash.

1053 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1136 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1219 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1413 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1419 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1421 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1422 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1482 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1490 mailnull 0 0.0 0.2 /usr/sbin/exim -bd -q60m
1541 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1542 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1592 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1593 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1597 mailnull 0 0.0 0.2 /usr/sbin/exim -bd -q60m
1621 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1642 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1692 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1693 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1697 mailnull 0 0.0 0.2 /usr/sbin/exim -bd -q60m
1801 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m

How can I correct this problem?
 

AndyReed

ramcjbin said:
Hundreds of processes like the ones shown below cause SPAMd / EXIM to crash.

1053 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
1801 mailnull 0 0.0 0.1 /usr/sbin/exim -bd -q60m
What's your kernel version? You might have a script that loops indefinitely, or a spammer using a script to deliver their spam. Did you check email traffic on your server? Does that cause high server load?
 

ramcjbin

AndyReed said:
What's your kernel version? You might have a script that loops indefinitely, or a spammer using a script to deliver their spam. Did you check email traffic on your server? Does that cause high server load?
My kernel version is 2.6.14.3.dn2.64

MRTG mostly shows single-digit numbers of received and sent mails, many times 1 to 5.

I use chirpy's dictionary attack in EXIM and even reduced the allowed failures from 3 to 2.

I see rejections in Exim logs.

Server load is very low.

I have now installed PRM to intervene on mailnull processes and keep them under control.

Dictionary attacks are going on as usual according to the mail log, and even that has only 2 to 3 attack entries a minute.

There are still a lot of EXIM connections for very few mails.

Any idea where to check further?
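
Added example, not part of any post in this thread: one way to check the "many connections, few mails" symptom is to tally the Exim main log per remote IP and list hosts that keep connecting without ever delivering a message. It assumes `log_selector` includes `+smtp_connection`; the log lines are constructed samples, and the function names and threshold are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in Exim main-log style (not taken from the thread).
# "SMTP connection" lines are only logged when log_selector has +smtp_connection.
SAMPLE_LOG = """\
2005-12-20 10:15:01 SMTP connection from [192.0.2.10] (TCP/IP connection count = 41)
2005-12-20 10:15:02 H=(mx) [192.0.2.10] F=<a@example.net> rejected RCPT <info@example.com>: unknown user
2005-12-20 10:15:02 H=(mx) [192.0.2.10] F=<a@example.net> rejected RCPT <sales@example.com>: unknown user
2005-12-20 10:15:03 SMTP connection from [192.0.2.10] closed by DROP in ACL
2005-12-20 10:15:04 SMTP connection from [192.0.2.10] (TCP/IP connection count = 41)
2005-12-20 10:15:05 SMTP connection from [192.0.2.10] lost
2005-12-20 10:15:06 SMTP connection from mail.example.org [198.51.100.7] (TCP/IP connection count = 42)
2005-12-20 10:15:07 1EoXyz-0001Ab-2C <= bob@example.org H=mail.example.org [198.51.100.7] P=esmtp S=2345
2005-12-20 10:15:08 SMTP connection from mail.example.org [198.51.100.7] closed by QUIT
2005-12-20 10:15:09 SMTP connection from [192.0.2.10] (TCP/IP connection count = 41)
"""

# (pattern, counter) pairs; the remote IP is the bracketed address in each line.
PATTERNS = [
    (re.compile(r"SMTP connection from .*\[([^\]]+)\].*\(TCP/IP connection count"), "connections"),
    (re.compile(r" <= \S+ .*?H=.*?\[([^\]]+)\]"), "accepted"),
    (re.compile(r" H=.*?\[([^\]]+)\].* rejected RCPT "), "rejected_rcpt"),
]

def summarize(lines):
    """Count opened connections, accepted messages and rejected RCPTs per remote IP."""
    stats = defaultdict(lambda: {"connections": 0, "accepted": 0, "rejected_rcpt": 0})
    for line in lines:
        for pattern, field in PATTERNS:
            match = pattern.search(line)
            if match:
                stats[match.group(1)][field] += 1
                break  # each log line feeds at most one counter
    return dict(stats)

def suspects(stats, min_connections=3):
    """IPs that opened at least min_connections sessions but never delivered a message."""
    return sorted(ip for ip, s in stats.items()
                  if s["connections"] >= min_connections and s["accepted"] == 0)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG.splitlines())
    for ip in suspects(stats):
        print(ip, stats[ip])
```
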