Why am I getting all these "refused: too many connections" messages?

AbeFroman

BANNED
Feb 16, 2002
644
1
318
[email protected] [~]# tail -f /var/log/exim_mainlog
2004-09-20 11:46:01 Connection from [69.6.61.42] refused: too many connections
2004-09-20 11:46:01 Connection from [24.123.4.90] refused: too many connections
2004-09-20 11:46:02 unexpected disconnection while reading SMTP command from (205.243.144.9) [222.223.129.47]
2004-09-20 11:46:03 Connection from [203.146.15.234] refused: too many connections
2004-09-20 11:46:05 Connection from [219.108.178.173] refused: too many connections
2004-09-20 11:46:05 Connection from [222.223.129.47] refused: too many connections
2004-09-20 11:46:06 Connection from [82.156.183.43] refused: too many connections
2004-09-20 11:46:06 Connection from [199.201.128.21] refused: too many connections
2004-09-20 11:46:06 Connection from [61.211.230.178] refused: too many connections
2004-09-20 11:46:06 Connection from [199.201.128.29] refused: too many connections
2004-09-20 11:46:08 Connection from [222.223.129.47] refused: too many connections
2004-09-20 11:46:08 Connection from [221.140.209.26] refused: too many connections
2004-09-20 11:46:09 Connection from [24.201.214.205] refused: too many connections
2004-09-20 11:46:10 Connection from [222.223.129.47] refused: too many connections
2004-09-20 11:46:11 Connection from [211.207.19.185] refused: too many connections
2004-09-20 11:46:11 Connection from [81.48.198.221] refused: too many connections
2004-09-20 11:46:11 Connection from [220.83.181.93] refused: too many connections
2004-09-20 11:46:12 Connection from [80.219.19.133] refused: too many connections
2004-09-20 11:46:13 Connection from [207.155.252.95] refused: too many connections
2004-09-20 11:46:13 Connection from [221.140.209.13] refused: too many connections
2004-09-20 11:46:14 Connection from [208.218.215.225] refused: too many connections
2004-09-20 11:46:15 Connection from [222.223.129.47] refused: too many connections
2004-09-20 11:46:15 Connection from [81.244.40.228] refused: too many connections
2004-09-20 11:46:16 Connection from [61.19.213.83] refused: too many connections
2004-09-20 11:46:16 Connection from [61.36.190.211] refused: too many connections
2004-09-20 11:46:18 Connection from [222.223.129.47] refused: too many connections
2004-09-20 11:46:18 Connection from [148.244.228.109] refused: too many connections
2004-09-20 11:46:18 Connection from [65.193.241.93] refused: too many connections
2004-09-20 11:46:19 Connection from [211.212.191.201] refused: too many connections
2004-09-20 11:46:19 Connection from [69.64.33.81] refused: too many connections
2004-09-20 11:46:19 Connection from [222.223.129.47] refused: too many connections
2004-09-20 11:46:19 Connection from [219.250.93.171] refused: too many connections
2004-09-20 11:46:19 Connection from [82.50.182.175] refused: too many connections
2004-09-20 11:46:19 Connection from [222.223.129.47] refused: too many connections
2004-09-20 11:46:20 Connection from [211.212.191.201] refused: too many connections
 

TheRaven

Member
Jan 30, 2004
21
0
151
I'd like to know this too! I've been complaining of this to my host for several months and all I hear is either it's a client issue or no one else is experiencing it!
 

Sheldon

Well-Known Member
Jun 7, 2004
378
0
166
Canada
It's either of the following.

Too many visitors to your site at one time. Usually this isn't a problem, but sometimes hosts lock down Apache to only allow so many users at a site at one time (so you don't overload Apache).

Same goes with MySQL.

Don't know about SMTP (Exim).

However, I have been getting users who are complaining of connection refused lately as well. I think it's a problem with cPanel. I will be submitting a ticket soon if this doesn't fix itself. LOL.

Obviously, look at log files to see if you can see any other problems. However, if you don't have root to the box, it makes it difficult.

Sheldon
 

TheRaven

I should have been more explicit. It's not Apache, with me. It's FTP, although I am experiencing some other issues with Apache too. Wonder if they're related? Hmmmm.
 

chirpy

Well-Known Member
Verified Vendor
Jun 15, 2002
13,437
31
473
Go on, have a guess
Well, this is clearly an Exim issue.

If you're getting that error, you're either hitting the limit in:
WHM > Tweak Settings > The maximum each domain can send out per hour

Though, I think you just get a relaying failure with that. Most likely you've gone over the exim smtp_accept_max setting in /etc/exim.conf. This would indicate either an excessively busy SMTP server, or a badly configured one with problems.

One thing that springs to mind is an Exim Dictionary Attack ACL (not mine) that drops connections based on RCPT failures and then hangs the connection and then drops it. If you're using that, then that can easily cause this problem (as it keeps connections open for several minutes and therefore the SMTP server can run out of smtp_accept_max).

If that is the case, I'd suggest replacing that ACL with this one:
http://www.webumake.com/free/eximdeny.htm
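
An added example, not part of the original post: a Python summary of refusals in a log like the one in the first post, showing whether they are spread across many hosts or dominated by a few that keep reconnecting. The function name `summarize`, the 25% share threshold and the sample addresses are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample in the exim_mainlog format from the first post; the
# addresses are documentation-range placeholders, not hosts from the thread.
SAMPLE_LOG = """\
2004-09-20 11:46:01 Connection from [192.0.2.10] refused: too many connections
2004-09-20 11:46:01 Connection from [198.51.100.7] refused: too many connections
2004-09-20 11:46:02 unexpected disconnection while reading SMTP command from (mail.example) [203.0.113.47]
2004-09-20 11:46:03 Connection from [203.0.113.47] refused: too many connections
2004-09-20 11:46:05 Connection from [203.0.113.47] refused: too many connections
2004-09-20 11:46:05 Connection from [198.51.100.23] refused: too many connections
2004-09-20 11:46:06 Connection from [203.0.113.47] refused: too many connections
2004-09-20 11:46:06 <= sender@example.org H=(host.example) [192.0.2.99] P=esmtp S=1204
"""

REFUSED = re.compile(
    r"^(\S+ \S+) Connection from \[([^\]]+)\] refused: too many connections")
DROPPED = re.compile(
    r"unexpected disconnection while reading SMTP command from .*\[([^\]]+)\]\s*$")


def summarize(log_text, share_threshold=0.25):
    """Tally 'too many connections' refusals per host and per second."""
    refused, per_second, dropped = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = REFUSED.match(line)
        if m:
            per_second[m.group(1)] += 1   # key: "date time" stamp
            refused[m.group(2)] += 1      # key: connecting IP
            continue
        m = DROPPED.search(line)
        if m:
            dropped[m.group(1)] += 1
    total = sum(refused.values())
    # Hosts holding a large share of all refusals are reconnecting repeatedly.
    repeat = sorted(ip for ip, n in refused.items() if n / total >= share_threshold)
    return {
        "total_refused": total,
        "distinct_hosts": len(refused),
        "peak_per_second": max(per_second.values(), default=0),
        "repeat_hosts": repeat,
        # Refused hosts that also dropped a session mid-command.
        "refused_and_dropped": sorted(set(refused) & set(dropped)),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On a real server the input would be the contents of /var/log/exim_mainlog rather than the embedded sample.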
 

AbeFroman

So increase max per domain per hour and smtp_accept_max and don't use a dictionary attack blocker?
 

chirpy

No and no. There really should be no need to increase that value - hitting it suggests an underlying problem. And do use a Dictionary Attack ACL, just not one that imposes a delay before dropping the connection (as I explained).
 

AbeFroman

Should I decrease smtp_accept_max?
 

chirpy

No, there's no need to decrease it. If you know your server is genuinely that busy as a mail server, then you can look at changing the value, otherwise there should be no need. I think I've explained my reasoning behind this enough now :)
 

AbeFroman

Do you need the default email set to :fail: for the dictionary block to work?
 

chirpy

Yes. If you have it set to forward you'll never get a RCPT failure, and :blackhole: won't work either as the email is accepted and then discarded. So, you do need the catchall alias (default address) set to :fail: and any genuine addresses set up as either POP3 accounts or aliases (forwarders).