The service “exim” appears to be down

360webfirm

Well-Known Member
Oct 5, 2016
96
10
58
Ottawa
cPanel Access Level
Root Administrator
Good day to all of you.

I am having the exim service go down, come back up and then go down yet again. The reason is: 421 Too many concurrent SMTP connections; please try again later.

I am sure this is because my email Dovecot is being attacked, as it's not because of users, as there are only two users using the cPanel email and these are very small businesses. cPHulk shows a constant add on to being blocked by all sorts of countries. The blocks are on Mail - Dovecot.

Can anyone offer any advice on this, as this is getting very annoying? My host provider has DDoS protection, but I am still being affected as Exim is going down and then back up again and then down again. This is the first time having this issue. The connection is set at 100 and with only two clients having emails, this is more than enough, so it's attackers causing the trying to connect issues, I believe.

Thank you all for your help and support as always.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
13,243
2,085
363
cPanel Access Level
Root Administrator
Hey hey! I'm sorry to hear about this issue. It's unlikely a host's typical DDoS protection would also include connections over the mail ports, as those systems are usually designed for web traffic only.

Do you have cPHulk enabled on the machine? This would track failed logins and there is an option to "Block IP addresses at the firewall level if they trigger brute force protection" that would permanently block anyone with failed logins. You'll just want to make sure you whitelist your own IP so you can log in if something triggers a block on the root user, but that may be a good solution for this problem after it has been running for an hour or so, as cPHulk monitors the following services:
  • cPanel services (Port 2083).
  • WHM services (Port 2087).
  • Mail services (Dovecot and Exim).
  • The Pure-FTPd service.
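
To check whether the 421 responses discussed above come from a handful of outside addresses, this added example (not part of the original thread and not cPanel's own tooling) tallies refused and opened SMTP connections per source IP from Exim main-log lines. It assumes Exim's stock log wording, that connection logging is enabled for the "opened" column, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: count Exim connection sources from main-log lines on stdin.
# Assumption: stock Exim wording for "refused: too many connections" and
# "SMTP connection from ... (TCP/IP connection count = N)" lines.

# Prints "refused opened ip" per source, busiest refused sources first.
exim_conn_sources() {
    awk '
    # Return the first bracketed address after " from " in the line.
    function src(line,   s) {
        s = substr(line, index(line, " from ") + 6)
        if (match(s, /\[[0-9A-Fa-f:.]+\]/))
            return substr(s, RSTART + 1, RLENGTH - 2)
        return "unknown"
    }
    # Connections Exim turned away because a connection limit was reached.
    / Connection from \[.* refused: too many connections/ {
        ip = src($0); refused[ip]++; seen[ip] = 1; next
    }
    # Connections that were accepted (close/lost lines are not counted).
    / SMTP connection from .*\(TCP\/IP connection count/ {
        ip = src($0); opened[ip]++; seen[ip] = 1
    }
    END {
        for (ip in seen) printf "%d %d %s\n", refused[ip], opened[ip], ip
    }' | sort -k1,1nr -k2,2nr -k3,3
}

# Constructed sample log lines (documentation address ranges only).
sample_log() {
    cat <<'EOF'
2024-05-01 10:00:01 SMTP connection from [203.0.113.50]:40001 (TCP/IP connection count = 99)
2024-05-01 10:00:01 SMTP connection from [198.51.100.7]:40002 (TCP/IP connection count = 100)
2024-05-01 10:00:02 Connection from [203.0.113.50]:40003 refused: too many connections
2024-05-01 10:00:02 Connection from [203.0.113.50]:40004 refused: too many connections
2024-05-01 10:00:03 Connection from [192.0.2.25]:51000 refused: too many connections
2024-05-01 10:00:04 Connection from [203.0.113.50]:40005 refused: too many connections
2024-05-01 10:00:05 SMTP connection from [198.51.100.7]:40002 closed by QUIT
EOF
}

# Demo run on the constructed sample. On a server, feed the real log instead,
# e.g. exim_conn_sources < /var/log/exim_mainlog (cPanel default path, assumed).
sample_log | exim_conn_sources
```

Addresses at the top of the output with many refusals and few legitimate sessions are the ones to compare against the cPHulk block list before deciding what to block or allow.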
  • Secure Shell (SSH) access.
 

360webfirm

I do have it enabled for sure. I also have cPanel monitor all of that. The issue is that it's too many connections, but those are not really connections, as there are only two emails on the complete server for internal emails; most of the accounts use external MX records and emails from places like Google, Outlook etc. I don't like to support email so I ask clients to buy email elsewhere. It's just two small accounts that have one email each, so I am sure this is NOT using the connections, but rather the email is being DDoSed from an outside source.

With Exim being offline, will this cause issues with external emails? For example, one client uses Google for their email and has it set to remote with MX records from Google on the zone. If Exim is not working, will this affect those external emails?
 

cPRex

Turning off Exim will not have any effect on domains using remote MX records, as incoming mail wouldn't reach your server. If their website has any forms or tools that send messages, those would no longer be able to send mail.

Another option would be to only allow your users' remote IP addresses to connect through SMTP, POP, and IMAP using WHM >> Host Access Control, as other connections would then be blocked: