This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Out of connections and mail delayed

My SMTP log is full of failed connections. Is there anything I can do to allow more connections, 20 is the most?

Is this a sign that something else may be wrong as mail delays have just started today. Would appreciate any pointers on where to look.

Running ASL on a Dell dual PIII 1650 server 2Gb RAM. Version 7.304 with all latest patern updates, etc.

Thanks in advance!

Chris

[FONT=monospace]2009:01:22-17:46:23 (none) exim[4089]: 2009-01-22 17:46:23 Connection from [84.26.126.185]:63481 refused: too many connections[/FONT]
[FONT=monospace]2009:01:22-17:46:23 (none) exim[4089]: 2009-01-22 17:46:23 Connection from [190.26.149.143]:1227 refused: too many connections[/FONT]
[FONT=monospace]2009:01:22-17:46:23 (none) exim[4089]: 2009-01-22 17:46:23 Connection from [190.67.136.48]:22961 refused: too many connections[/FONT]
[FONT=monospace]2009:01:22-17:46:24 (none) exim[4089]: 2009-01-22 17:46:24 Connection from [94.181.239.11]:3604 refused: too many connections[/FONT]
[FONT=monospace]2009:01:22-17:46:24 (none) exim[4089]: 2009-01-22 17:46:24 Connection from [170.51.156.119]:23899 refused: too many connections[/FONT]
[FONT=monospace]2009:01:22-17:46:24 (none) exim[4089]: 2009-01-22 17:46:24 Connection from [170.51.156.119]:23906 refused: too many connections[/FONT]
[FONT=monospace]2009:01:22-17:46:25 (none) exim[4089]: 2009-01-22 17:46:25 Connection from [82.139.48.230]:4250 refused: too many connections[/FONT]
[FONT=monospace]2009:01:22-17:46:25 (none) exim[4089]: 2009-01-22 17:46:25 Connection from [170.51.156.119]:23910 refused: too many connections[/FONT]
[FONT=monospace]2009:01:22-17:46:25 (none) exim[4089]: 2009-01-22 17:46:25 Connection from [200.102.191.213]:61983 refused: too many connections[/FONT]
[FONT=monospace]2009:01:22-17:46:25 (none) exim[4089]: 2009-01-22 17:46:25 Connection from [170.51.156.119]:23913 refused: too many connections[/FONT]
[FONT=monospace]2009:01:22-17:46:25 (none) exim[4089]: 2009-01-22 17:46:25 Connection from [67.76.212.82]:61116 refused: too many connections[/FONT]
[FONT=monospace]2009:01:22-17:46:25 (none) exim[4089]: 2009-01-22 17:46:25 Connection from [94.178.249.32]:3329 refused: too many connections[/FONT]
[FONT=monospace]2009:01:22-17:46:25 (none) exim[4089]: 2009-01-22 17:46:25 Connection from [201.232.218.44]:64156 refused: too many connections[/FONT]
[FONT=monospace]2009:01:22-17:46:25 (none) exim[4089]: 2009-01-22 17:46:25 Connection from [77.101.94.172]:56275 refused: too many connections[/FONT]
[FONT=monospace]2009:01:22-17:46:25 (none) exim[4089]: 2009-01-22 17:46:25 Connection from [190.67.136.48]:22968 refused: too many connections[/FONT]
[FONT=monospace]2009:01:22-17:46:25 (none) exim[4089]: 2009-01-22 17:46:25 Connection from [190.159.219.55]:2000 refused: too many connections[/FONT]
[FONT=monospace]2009:01:22-17:46:25 (none) exim[4089]: 2009-01-22 17:46:25 Connection from [190.67.194.122]:18054 refused: too many connections[/FONT]
[FONT=monospace]2009:01:22-17:46:25 (none) exim[4089]: 2009-01-22 17:46:25 Connection from [89.138.180.169]:17242 refused: too many connections[/FONT]
[FONT=monospace]2009:01:22-17:46:25 (none) exim[4089]: 2009-01-22 17:46:25 Connection from [190.161.232.165]:1371 refused: too many connections[/FONT]
[FONT=monospace]2009:01:22-17:46:26 (none) exim[4089]: 2009-01-22 17:46:26 Connection from [41.221.17.193]:59784 refused: too many connections[/FONT]
[FONT=monospace]2009:01:22-17:46:26 (none) exim[4089]: 2009-01-22 17:46:26 Connection from [87.97.98.85]:2110 refused: too many connections[/FONT]
[FONT=monospace]2009:01:22-17:46:26 (none) exim[4089]: 2009-01-22 17:46:26 [/FONT]

This thread was automatically locked due to age.

Parents

0 joequick over 16 years ago

At first glance and a few lookups, it seems you have people connecting from:
Florida 67.76.212.82
Amsterdam 190.67.136.48
Latin America 190.67.136.48

Unless you are a multi national company, my guess would be that your packet filter rule for email says "any >>>> any"

If you are hosting your own email server this may be correct, but if your not it looks as if you are allowing open SMTP.

Might also be some kind of DOS attack.

More info on your config may produce more intelligent responses than what I can provide.

Our you running exchange behind the firewall?
Cancel
Vote Up 0 Vote Down

Cancel
0 chrismoo over 16 years ago in reply to joequick

Yes we are a multinational company and have our own Exchange server running behind the firewall. We use the SMTP Proxy in transparent mode and have all the Anti-spam and antivirus, etc enabled.

I have SPF, BATV and Blacklists on but not Greylisting.

Thanks for the response.

Chris
Cancel
Vote Up 0 Vote Down

Cancel
0 joequick over 16 years ago in reply to chrismoo

Chris,

First I would check the licensing and the number of users.

If that isnt the issue, the I would try seting up packet filter rules for your remote locations.

I am far from an expert and am limited in my knowledge as I dont have exchange and our offices all connect thru our VPN and use the proxy for email.

Is this a new setup or did it just start happening.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 16 years ago in reply to joequick

Chris, I agree that you are experiencing a DOS. That is unless your customer base is primarily from South America....

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 16 years ago in reply to joequick

Chris, I agree that you are experiencing a DOS. That is unless your customer base is primarily from South America....

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data