Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: exim: users

SMTP timeout

 

 

exim users RSS feed   Index | Next | Previous | View Threaded


sysadmin at lyceefrancais

Oct 22, 2007, 3:32 AM

Post #1 of 5 (918 views)
Permalink
SMTP timeout

Hi,

I have a big problem of SMTP with our Exim mail server.
The symptoms are a timeout when trying to send messages.
It's impossible to connect to smtp. But the service is running.
For the ones using it only by the webmail (Horde), it's impossible to
connect.

The version is 4.5
In the exim.conf, we have :
***
smtp_accept_queue_per_connection = 100
queue_only_load = 6
***

I tried something found here by adding :
***
smtp_accept_max = 50
smtp_accept_max_per_host = 25
***
But it doesn't change anything.
I tried some open relay tests but it seems safe.
I'm still wondering if I'm not victim of a spammer.

Here are some results from commands i found on this mailing-list :

[root]# ps aux | grep exim | grep -v grep | grep -v restart
mail 6095 0.0 0.1 5592 2052 ? S Oct18 0:02
/usr/bin/exim -bd -q1h
mail 7173 0.0 0.2 5832 2440 ? S 02:37 0:00
/usr/bin/exim -bd -q1h
mail 9260 0.0 0.2 5808 2416 ? S 03:02 0:00
/usr/bin/exim -bd -q1h
mail 10718 0.0 0.2 5808 2416 ? S 03:27 0:00
/usr/bin/exim -bd -q1h
mail 11518 0.0 0.2 5820 2416 ? S 03:52 0:00
/usr/bin/exim -bd -q1h
mail 24973 0.0 0.2 5772 2364 ? S 04:42 0:00
/usr/bin/exim -bd -q1h
mail 25585 0.0 0.2 5768 2360 ? S 05:07 0:00
/usr/bin/exim -bd -q1h
mail 26233 0.0 0.2 5768 2360 ? S 05:32 0:00
/usr/bin/exim -bd -q1h
mail 26828 0.0 0.2 5756 2348 ? S 05:57 0:00
/usr/bin/exim -bd -q1h
mail 28035 0.0 0.2 5744 2336 ? S 06:47 0:00
/usr/bin/exim -bd -q1h
mail 28178 0.0 0.2 5736 2348 ? S 06:52 0:00
/usr/bin/exim -bd -q1h
mail 28674 0.0 0.2 5816 2432 ? S 07:12 0:00
/usr/bin/exim -bd -q1h
mail 29910 0.0 0.2 5728 2320 ? S 08:02 0:00
/usr/bin/exim -bd -q1h
mail 30521 0.0 0.2 5828 2444 ? S 08:27 0:00
/usr/bin/exim -bd -q1h
mail 30898 0.0 0.2 5716 2288 ? S 08:41 0:00
/usr/bin/exim -bd -q1h
mail 30930 0.0 0.2 5716 2292 ? S 08:43 0:00
/usr/bin/exim -bd -q1h
mail 30942 0.0 0.2 5716 2296 ? S 08:43 0:00
/usr/bin/exim -bd -q1h
mail 30965 0.0 0.2 5716 2296 ? S 08:44 0:00
/usr/bin/exim -bd -q1h
mail 30974 0.0 0.2 5716 2296 ? S 08:44 0:00
/usr/bin/exim -bd -q1h
mail 30976 0.0 0.2 5936 2532 ? S 08:44 0:00
/usr/bin/exim -bd -q1h
mail 30977 0.0 0.2 5732 2300 ? S 08:44 0:00
/usr/bin/exim -bd -q1h
mail 30978 0.0 0.2 5716 2288 ? S 08:44 0:00
/usr/bin/exim -bd -q1h
mail 31038 0.0 0.2 5716 2288 ? S 08:47 0:00
/usr/bin/exim -bd -q1h
mail 31079 0.0 0.2 5716 2292 ? S 08:49 0:00
/usr/bin/exim -bd -q1h
mail 31085 0.0 0.2 5716 2292 ? S 08:49 0:00
/usr/bin/exim -bd -q1h
mail 31103 0.0 0.2 5716 2292 ? S 08:49 0:00
/usr/bin/exim -bd -q1h
mail 31122 0.0 0.2 5716 2288 ? S 08:50 0:00
/usr/bin/exim -bd -q1h
mail 31164 0.0 0.2 5716 2292 ? S 08:51 0:00
/usr/bin/exim -bd -q1h
mail 31183 0.0 0.2 5716 2288 ? S 08:53 0:00
/usr/bin/exim -bd -q1h
mail 31221 0.0 0.2 5716 2292 ? S 08:53 0:00
/usr/bin/exim -bd -q1h
mail 31224 0.0 0.2 5716 2288 ? S 08:53 0:00
/usr/bin/exim -bd -q1h
mail 31225 0.0 0.2 5716 2288 ? S 08:53 0:00
/usr/bin/exim -bd -q1h
mail 31227 0.0 0.2 5716 2292 ? S 08:54 0:00
/usr/bin/exim -bd -q1h
mail 31233 0.0 0.2 5716 2288 ? S 08:54 0:00
/usr/bin/exim -bd -q1h
mail 31240 0.0 0.2 5716 2288 ? S 08:54 0:00
/usr/bin/exim -bd -q1h
mail 31282 0.0 0.2 5716 2292 ? S 08:56 0:00
/usr/bin/exim -bd -q1h
mail 31306 0.0 0.2 5716 2280 ? S 08:57 0:00
/usr/bin/exim -bd -q1h
mail 31340 0.0 0.2 5716 2280 ? S 08:57 0:00
/usr/bin/exim -bd -q1h
mail 31341 0.0 0.2 5716 2280 ? S 08:57 0:00
/usr/bin/exim -bd -q1h
mail 31342 0.0 0.2 5716 2280 ? S 08:57 0:00
/usr/bin/exim -bd -q1h
mail 31344 0.0 0.2 5612 2188 ? S 08:58 0:00
/usr/bin/exim -bd -q1h
mail 31350 0.0 0.2 5716 2280 ? S 08:58 0:00
/usr/bin/exim -bd -q1h
mail 31352 0.0 0.2 5716 2280 ? S 08:58 0:00
/usr/bin/exim -bd -q1h
mail 31396 0.0 0.2 5716 2276 ? S 08:59 0:00
/usr/bin/exim -bd -q1h
mail 31406 0.0 0.2 5716 2280 ? S 09:00 0:00
/usr/bin/exim -bd -q1h
mail 31413 0.0 0.2 5716 2280 ? S 09:00 0:00
/usr/bin/exim -bd -q1h
mail 31449 0.0 0.2 5716 2276 ? S 09:01 0:00
/usr/bin/exim -bd -q1h

[root]# lsof -i | grep smtp
exim 6095 mail 3u IPv4 -2016982540 TCP *:smtp (LISTEN)
exim 7173 mail 5u IPv4 -1941324508 TCP
www.our.server:smtp->our.provider.dns:37674 (ESTABLISHED)
exim 7173 mail 6u IPv4 -1941324508 TCP
www.our.server:smtp->our.provider.dns:37674 (ESTABLISHED)
exim 9260 mail 5u IPv4 -1940851730 TCP
www.our.server:smtp->our.provider.dns:38044 (ESTABLISHED)
exim 9260 mail 6u IPv4 -1940851730 TCP
www.our.server:smtp->our.provider.dns:38044 (ESTABLISHED)
exim 10718 mail 5u IPv4 -1940430039 TCP
www.our.server:smtp->our.provider.dns:38348 (ESTABLISHED)
exim 10718 mail 6u IPv4 -1940430039 TCP
www.our.server:smtp->our.provider.dns:38348 (ESTABLISHED)
exim 11518 mail 5u IPv4 -1939978049 TCP
www.our.server:smtp->our.provider.dns:38668 (ESTABLISHED)
exim 11518 mail 6u IPv4 -1939978049 TCP
www.our.server:smtp->our.provider.dns:38668 (ESTABLISHED)
exim 24973 mail 5u IPv4 -1939085466 TCP
www.our.server:smtp->our.provider.dns:39254 (ESTABLISHED)
exim 24973 mail 6u IPv4 -1939085466 TCP
www.our.server:smtp->our.provider.dns:39254 (ESTABLISHED)
exim 25585 mail 5u IPv4 -1938634657 TCP
www.our.server:smtp->our.provider.dns:39597 (ESTABLISHED)
exim 25585 mail 6u IPv4 -1938634657 TCP
www.our.server:smtp->our.provider.dns:39597 (ESTABLISHED)
exim 26233 mail 5u IPv4 -1938165067 TCP
www.our.server:smtp->our.provider.dns:39935 (ESTABLISHED)
exim 26233 mail 6u IPv4 -1938165067 TCP
www.our.server:smtp->our.provider.dns:39935 (ESTABLISHED)
exim 26828 mail 5u IPv4 -1937690832 TCP
www.our.server:smtp->our.provider.dns:40225 (ESTABLISHED)
exim 26828 mail 6u IPv4 -1937690832 TCP
www.our.server:smtp->our.provider.dns:40225 (ESTABLISHED)
exim 28035 mail 5u IPv4 -1936774443 TCP
www.our.server:smtp->our.provider.dns:40781 (ESTABLISHED)
exim 28035 mail 6u IPv4 -1936774443 TCP
www.our.server:smtp->our.provider.dns:40781 (ESTABLISHED)
exim 28178 mail 5u IPv4 -1936679014 TCP
www.our.server:smtp->our.provider.dns:40839 (ESTABLISHED)
exim 28178 mail 6u IPv4 -1936679014 TCP
www.our.server:smtp->our.provider.dns:40839 (ESTABLISHED)
exim 28674 mail 5u IPv4 -1936330313 TCP
www.our.server:smtp->our.provider.dns:40959 (ESTABLISHED)
exim 28674 mail 6u IPv4 -1936330313 TCP
www.our.server:smtp->our.provider.dns:40959 (ESTABLISHED)
exim 29910 mail 5u IPv4 -1935378598 TCP
www.our.server:smtp->our.provider.dns:41555 (ESTABLISHED)
exim 29910 mail 6u IPv4 -1935378598 TCP
www.our.server:smtp->our.provider.dns:41555 (ESTABLISHED)
exim 30521 mail 5u IPv4 -1934909438 TCP
www.our.server:smtp->our.provider.dns:41736 (ESTABLISHED)
exim 30521 mail 6u IPv4 -1934909438 TCP
www.our.server:smtp->our.provider.dns:41736 (ESTABLISHED)
httpd2 30623 apache 30u IPv4 -1934403420 TCP
localhost.localdomain:49218->localhost.localdomain:smtp (ESTABLISHED)
exim 31038 mail 5u IPv4 -1934519105 TCP
www.our.server:smtp->84-217-135-31.tn.glocalnet.net:52925 (CLOSE_WAIT)
exim 31038 mail 6u IPv4 -1934519105 TCP
www.our.server:smtp->84-217-135-31.tn.glocalnet.net:52925 (CLOSE_WAIT)
exim 31079 mail 5u IPv4 -1934483013 TCP
www.our.server:smtp->203.170.251.115:13024 (CLOSE_WAIT)
exim 31079 mail 6u IPv4 -1934483013 TCP
www.our.server:smtp->203.170.251.115:13024 (CLOSE_WAIT)
exim 31103 mail 5u IPv4 -1934477236 TCP
www.our.server:smtp->192.168.1.70:1087 (ESTABLISHED)
exim 31103 mail 6u IPv4 -1934477236 TCP
www.our.server:smtp->192.168.1.70:1087 (ESTABLISHED)
exim 31122 mail 5u IPv4 -1934458347 TCP
www.our.server:smtp->our.provider.dns:41904 (ESTABLISHED)
exim 31122 mail 6u IPv4 -1934458347 TCP
www.our.server:smtp->our.provider.dns:41904 (ESTABLISHED)
exim 31164 mail 5u IPv4 -1934442156 TCP
www.our.server:smtp->194.84.197.3:21301 (CLOSE_WAIT)
exim 31164 mail 6u IPv4 -1934442156 TCP
www.our.server:smtp->194.84.197.3:21301 (CLOSE_WAIT)
exim 31183 mail 5u IPv4 -1934419572 TCP
www.our.server:smtp->194.191.90.218.broad.wx.js.dynamic.163data.com.cn:codasrv
(CLOSE_WAIT)
exim 31183 mail 6u IPv4 -1934419572 TCP
www.our.server:smtp->194.191.90.218.broad.wx.js.dynamic.163data.com.cn:codasrv
(CLOSE_WAIT)
exim 31221 mail 5u IPv4 -1934405342 TCP
www.our.server:smtp->ppp-124.120.62.245.revip2.asianet.co.th:19874
(CLOSE_WAIT)
exim 31221 mail 6u IPv4 -1934405342 TCP
www.our.server:smtp->ppp-124.120.62.245.revip2.asianet.co.th:19874
(CLOSE_WAIT)
exim 31224 mail 5u IPv4 -1934403419 TCP
localhost.localdomain:smtp->localhost.localdomain:49218 (ESTABLISHED)
exim 31224 mail 6u IPv4 -1934403419 TCP
localhost.localdomain:smtp->localhost.localdomain:49218 (ESTABLISHED)
exim 31225 mail 5u IPv4 -1934403413 TCP
www.our.server:smtp->pool-71-191-165-34.washdc.fios.verizon.net:18398
(CLOSE_WAIT)
exim 31225 mail 6u IPv4 -1934403413 TCP
www.our.server:smtp->pool-71-191-165-34.washdc.fios.verizon.net:18398
(CLOSE_WAIT)
exim 31227 mail 5u IPv4 -1934397633 TCP
www.our.server:smtp->c-68-58-18-110.hsd1.in.comcast.net:1155 (CLOSE_WAIT)
exim 31227 mail 6u IPv4 -1934397633 TCP
www.our.server:smtp->c-68-58-18-110.hsd1.in.comcast.net:1155 (CLOSE_WAIT)
exim 31233 mail 5u IPv4 -1934392772 TCP
www.our.server:smtp->net84-253-158-183.mclink.it:22951 (CLOSE_WAIT)
exim 31233 mail 6u IPv4 -1934392772 TCP
www.our.server:smtp->net84-253-158-183.mclink.it:22951 (CLOSE_WAIT)
exim 31240 mail 5u IPv4 -1934388856 TCP
www.our.server:smtp->ns6387.ovh.net:58312 (ESTABLISHED)
exim 31240 mail 6u IPv4 -1934388856 TCP
www.our.server:smtp->ns6387.ovh.net:58312 (ESTABLISHED)
exim 31282 mail 5u IPv4 -1934358799 TCP
www.our.server:smtp->pc-91-157-44-190.cm.vtr.net:2463 (CLOSE_WAIT)
exim 31282 mail 6u IPv4 -1934358799 TCP
www.our.server:smtp->pc-91-157-44-190.cm.vtr.net:2463 (CLOSE_WAIT)
exim 31306 mail 5u IPv4 -1934341732 TCP
www.our.server:smtp->67-58-205-54.amtelecom.net:1045 (CLOSE_WAIT)
exim 31306 mail 6u IPv4 -1934341732 TCP
www.our.server:smtp->67-58-205-54.amtelecom.net:1045 (CLOSE_WAIT)
exim 31340 mail 5u IPv4 -1934325530 TCP
www.our.server:smtp->192.168.1.61:1092 (CLOSE_WAIT)
exim 31340 mail 6u IPv4 -1934325530 TCP
www.our.server:smtp->192.168.1.61:1092 (CLOSE_WAIT)
exim 31341 mail 5u IPv4 -1934324518 TCP
www.our.server:smtp->our.provider.dns:41951 (ESTABLISHED)
exim 31341 mail 6u IPv4 -1934324518 TCP
www.our.server:smtp->our.provider.dns:41951 (ESTABLISHED)
exim 31342 mail 5u IPv4 -1934322488 TCP
www.our.server:smtp->our.provider.dns:41952 (ESTABLISHED)
exim 31342 mail 6u IPv4 -1934322488 TCP
www.our.server:smtp->our.provider.dns:41952 (ESTABLISHED)
exim 31350 mail 5u IPv4 -1934311276 TCP
www.our.server:smtp->cpc1-mfld9-0-0-cust766.nott.cable.ntl.com:55054
(CLOSE_WAIT)
exim 31350 mail 6u IPv4 -1934311276 TCP
www.our.server:smtp->cpc1-mfld9-0-0-cust766.nott.cable.ntl.com:55054
(CLOSE_WAIT)
exim 31352 mail 5u IPv4 -1934307206 TCP
www.our.server:smtp->c-71-201-52-59.hsd1.il.comcast.net:1868 (CLOSE_WAIT)
exim 31352 mail 6u IPv4 -1934307206 TCP
www.our.server:smtp->c-71-201-52-59.hsd1.il.comcast.net:1868 (CLOSE_WAIT)
exim 31396 mail 5u IPv4 -1934284557 TCP
www.our.server:smtp->125.215.200.233:3051 (CLOSE_WAIT)
exim 31396 mail 6u IPv4 -1934284557 TCP
www.our.server:smtp->125.215.200.233:3051 (CLOSE_WAIT)
exim 31406 mail 5u IPv4 -1934278323 TCP
www.our.server:smtp->our.provider.dns:41963 (ESTABLISHED)
exim 31406 mail 6u IPv4 -1934278323 TCP
www.our.server:smtp->our.provider.dns:41963 (ESTABLISHED)
exim 31413 mail 5u IPv4 -1934261844 TCP
www.our.server:smtp->mpwr-static-216.70.164.156.mpowercom.net:3058
(CLOSE_WAIT)
exim 31413 mail 6u IPv4 -1934261844 TCP
www.our.server:smtp->mpwr-static-216.70.164.156.mpowercom.net:3058
(CLOSE_WAIT)
exim 31449 mail 5u IPv4 -1934247314 TCP
www.our.server:smtp->192.168.1.49:1199 (CLOSE_WAIT)
exim 31449 mail 6u IPv4 -1934247314 TCP
www.our.server:smtp->192.168.1.49:1199 (CLOSE_WAIT)
exim 31500 mail 5u IPv4 -1934232822 TCP
www.our.server:smtp->pc-202-190-47-190.cm.vtr.net:1829 (CLOSE_WAIT)
exim 31500 mail 6u IPv4 -1934232822 TCP
www.our.server:smtp->pc-202-190-47-190.cm.vtr.net:1829 (CLOSE_WAIT)
exim 31560 mail 5u IPv4 -1934177103 TCP
www.our.server:smtp->our.provider.dns:41989 (ESTABLISHED)
exim 31560 mail 6u IPv4 -1934177103 TCP
www.our.server:smtp->our.provider.dns:41989 (ESTABLISHED)
exim 31561 mail 5u IPv4 -1934173996 TCP
www.our.server:smtp->our.provider.dns:41992 (ESTABLISHED)
exim 31561 mail 6u IPv4 -1934173996 TCP
www.our.server:smtp->our.provider.dns:41992 (ESTABLISHED)
exim 31568 mail 5u IPv4 -1934165709 TCP
www.our.server:smtp->18924096149.user.veloxzone.com.br:1948 (CLOSE_WAIT)
exim 31568 mail 6u IPv4 -1934165709 TCP
www.our.server:smtp->18924096149.user.veloxzone.com.br:1948 (CLOSE_WAIT)
exim 31569 mail 5u IPv4 -1934164673 TCP
www.our.server:smtp->our.provider.dns:42000 (ESTABLISHED)
exim 31569 mail 6u IPv4 -1934164673 TCP
www.our.server:smtp->our.provider.dns:42000 (ESTABLISHED)
exim 31597 mail 5u IPv4 -1934160409 TCP
www.our.server:smtp->our.provider.dns:42003 (ESTABLISHED)
exim 31597 mail 6u IPv4 -1934160409 TCP
www.our.server:smtp->our.provider.dns:42003 (ESTABLISHED)
exim 31601 mail 5u IPv4 -1934157246 TCP
www.our.server:smtp->our.provider.dns:42004 (ESTABLISHED)
exim 31601 mail 6u IPv4 -1934157246 TCP
www.our.server:smtp->our.provider.dns:42004 (ESTABLISHED)
exim 31687 mail 5u IPv4 -1934111753 TCP
www.our.server:smtp->201-34-174-20.fnsce701.dsl.brasiltelecom.net.br:3943
(CLOSE_WAIT)
exim 31687 mail 6u IPv4 -1934111753 TCP
www.our.server:smtp->201-34-174-20.fnsce701.dsl.brasiltelecom.net.br:3943
(CLOSE_WAIT)

I can only recover my service after at least two or free restart of the
services (antivirus, antispam, exim..).
One other strange thing. It happens on the monday morning. Really a load
problem ?

Thank you for your ideas and experience.
As you guessed I'm new to exim.

Paul Lunetta.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


sysadmin at lyceefrancais

Oct 23, 2007, 2:48 AM

Post #2 of 5 (864 views)
Permalink
Re: SMTP timeout [In reply to]

Hi,

As I have no answer, I just add some others exim logs for those who
could perhaps help me have a clue.
Just before having the "too much SMTP connections" I have this :

2007-10-22 00:23:16 rejected HELO from [123.220.223.126]: syntactically
invalid argument(s): H\216\213
2007-10-22 00:23:59 rejected HELO from [123.220.223.126]: syntactically
invalid argument(s): H\216\213
2007-10-22 00:24:29 rejected HELO from [123.220.223.126]: syntactically
invalid argument(s): H\216\213
2007-10-22 00:24:30 rejected HELO from [123.220.223.126]: syntactically
invalid argument(s): H\216\213
2007-10-22 00:27:52 1Ijdea-00012h-6F demime acl condition: base64 line
contains illegal character
2007-10-22 00:47:58 1Ijdy0-0001AK-3h demime acl condition: base64 line
contains illegal character
2007-10-22 01:02:53 Start queue run: pid=4879
2007-10-22 01:02:53 1IjADj-0000h9-9z Unfrozen by auto-thaw
2007-10-22 01:02:53 1IjADj-0000h9-9z ** s [at] lyceefrancais:
Unrouteable address
2007-10-22 01:02:53 1IjADj-0000h9-9z Frozen (delivery error message)
2007-10-22 01:02:53 1Ij9m7-0000Vv-Fv Message is frozen
2007-10-22 01:02:53 1Ij9Cw-0000FX-Fd Unfrozen by auto-thaw
2007-10-22 01:02:53 1Ij9Cw-0000FX-Fd ** dwtqupj [at] lyceefrancais:
Unrouteable address
2007-10-22 01:02:53 1Ij9Cw-0000FX-Fd Frozen (delivery error message)
2007-10-22 01:02:53 1Ij6K5-0007UW-IK Unfrozen by auto-thaw
2007-10-22 01:02:53 1Ij6K5-0007UW-IK ** rhb [at] lyceefrancais:
Unrouteable address
2007-10-22 01:02:53 1Ij6K5-0007UW-IK Frozen (delivery error message)
2007-10-22 01:02:53 1Ij60A-0007Mk-Io Unfrozen by auto-thaw
2007-10-22 01:02:53 1Ij60A-0007Mk-Io ** lkeykcw [at] lyceefrancais:
Unrouteable address
2007-10-22 01:02:53 1Ij60A-0007Mk-Io Frozen (delivery error message)
2007-10-22 01:02:53 1Ij6Jf-0007UB-Gs Unfrozen by auto-thaw
2007-10-22 01:02:53 1Ij6Jf-0007UB-Gs ** xl [at] lyceefrancais:
Unrouteable address
2007-10-22 01:02:53 1Ij6Jf-0007UB-Gs Frozen (delivery error message)
2007-10-22 01:02:53 1IizF9-0004Sx-4u Unfrozen by auto-thaw
2007-10-22 01:02:53 1IizF9-0004Sx-4u ** tv [at] lyceefrancais:
Unrouteable address
2007-10-22 01:02:53 1IizF9-0004Sx-4u Frozen (delivery error message)
2007-10-22 01:02:53 1IixJx-0000be-UN Unfrozen by auto-thaw
2007-10-22 01:02:54 1IixJx-0000be-UN ** udxhxj [at] lyceefrancais:
Unrouteable address
2007-10-22 01:02:54 1IixJx-0000be-UN Frozen (delivery error message)
2007-10-22 01:02:54 1IiyQG-00048A-9f Unfrozen by auto-thaw
2007-10-22 01:02:54 1IiyQG-00048A-9f ** xahe [at] lyceefrancais:
Unrouteable address
2007-10-22 01:02:54 1IiyQG-00048A-9f Frozen (delivery error message)
2007-10-22 01:02:54 1IizJM-0004Uw-8k Unfrozen by auto-thaw
2007-10-22 01:02:54 1IizJM-0004Uw-8k ** gl [at] lyceefrancais:
Unrouteable address
2007-10-22 01:02:54 1IizJM-0004Uw-8k Frozen (delivery error message)
2007-10-22 01:02:54 1Ij06y-0004q8-MV Unfrozen by auto-thaw
2007-10-22 01:02:54 1Ij06y-0004q8-MV ** lofgam [at] lyceefrancais:
Unrouteable address
2007-10-22 01:02:54 1Ij06y-0004q8-MV Frozen (delivery error message)
2007-10-22 01:02:54 1Ij1WP-0005Qc-IX Unfrozen by auto-thaw
2007-10-22 01:02:54 1Ij1WP-0005Qc-IX ** v [at] lyceefrancais:
Unrouteable address
2007-10-22 01:02:54 1Ij1WP-0005Qc-IX Frozen (delivery error message)
2007-10-22 01:02:54 1Ij5PQ-00076J-Fs Unfrozen by auto-thaw
2007-10-22 01:02:54 1Ij5PQ-00076J-Fs ** rxpwh [at] lyceefrancais:
Unrouteable address
2007-10-22 01:02:54 1Ij5PQ-00076J-Fs Frozen (delivery error message)
2007-10-22 01:02:54 1Ij8LN-0008K6-7C Unfrozen by auto-thaw
2007-10-22 01:02:54 1Ij8LN-0008K6-7C ** ofv [at] lyceefrancais:
Unrouteable address
2007-10-22 01:02:54 1Ij8LN-0008K6-7C Frozen (delivery error message)
2007-10-22 01:02:54 1Ij8Lx-0008KK-Pa Unfrozen by auto-thaw
2007-10-22 01:02:54 1Ij8Lx-0008KK-Pa ** sgcgd [at] lyceefrancais:
Unrouteable address
2007-10-22 01:02:54 1Ij8Lx-0008KK-Pa Frozen (delivery error message)
2007-10-22 01:02:54 End queue run: pid=4879
2007-10-22 01:03:02 Connection from [210.23.1.3] refused: too many
connections

***
I guess it's a spammer trying to use our email domain name to send his
messages.
If you have any idea. I will also accept insults if i missed something
in documentation :)

Thank you in advance.

Paul.


--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


sysadmin at lyceefrancais

Oct 26, 2007, 2:58 AM

Post #3 of 5 (860 views)
Permalink
Re: SMTP timeout [In reply to]

Hi,

I am pretty sure that i have a breach in my security.
I doubled the capacity of SMTP accepted

smtp_accept_max = 100 (instead of 50)
smtp_accept_max_per_host = 50 (instead of 25)

and it has been fullfilled while there was only 2 internal users connected !

I made some "open relay" tests. All say "ok"
How can I really test my security and/or trace these spammers ?

Thank you if you can help and sorry for my poor english.

Paul.

Paul LUNETTA a écrit :
> Hi,
>
> As I have no answer, I just add some others exim logs for those who
> could perhaps help me have a clue.
> Just before having the "too much SMTP connections" I have this :
>
> 2007-10-22 00:23:16 rejected HELO from [123.220.223.126]: syntactically
> invalid argument(s): H\216\213
> 2007-10-22 00:23:59 rejected HELO from [123.220.223.126]: syntactically
> invalid argument(s): H\216\213
> 2007-10-22 00:24:29 rejected HELO from [123.220.223.126]: syntactically
> invalid argument(s): H\216\213
> 2007-10-22 00:24:30 rejected HELO from [123.220.223.126]: syntactically
> invalid argument(s): H\216\213
> 2007-10-22 00:27:52 1Ijdea-00012h-6F demime acl condition: base64 line
> contains illegal character
> 2007-10-22 00:47:58 1Ijdy0-0001AK-3h demime acl condition: base64 line
> contains illegal character
> 2007-10-22 01:02:53 Start queue run: pid=4879
> 2007-10-22 01:02:53 1IjADj-0000h9-9z Unfrozen by auto-thaw
> 2007-10-22 01:02:53 1IjADj-0000h9-9z ** s [at] lyceefrancais:
> Unrouteable address
> 2007-10-22 01:02:53 1IjADj-0000h9-9z Frozen (delivery error message)
> 2007-10-22 01:02:53 1Ij9m7-0000Vv-Fv Message is frozen
> 2007-10-22 01:02:53 1Ij9Cw-0000FX-Fd Unfrozen by auto-thaw
> 2007-10-22 01:02:53 1Ij9Cw-0000FX-Fd ** dwtqupj [at] lyceefrancais:
> Unrouteable address
> 2007-10-22 01:02:53 1Ij9Cw-0000FX-Fd Frozen (delivery error message)
> 2007-10-22 01:02:53 1Ij6K5-0007UW-IK Unfrozen by auto-thaw
> 2007-10-22 01:02:53 1Ij6K5-0007UW-IK ** rhb [at] lyceefrancais:
> Unrouteable address
> 2007-10-22 01:02:53 1Ij6K5-0007UW-IK Frozen (delivery error message)
> 2007-10-22 01:02:53 1Ij60A-0007Mk-Io Unfrozen by auto-thaw
> 2007-10-22 01:02:53 1Ij60A-0007Mk-Io ** lkeykcw [at] lyceefrancais:
> Unrouteable address
> 2007-10-22 01:02:53 1Ij60A-0007Mk-Io Frozen (delivery error message)
> 2007-10-22 01:02:53 1Ij6Jf-0007UB-Gs Unfrozen by auto-thaw
> 2007-10-22 01:02:53 1Ij6Jf-0007UB-Gs ** xl [at] lyceefrancais:
> Unrouteable address
> 2007-10-22 01:02:53 1Ij6Jf-0007UB-Gs Frozen (delivery error message)
> 2007-10-22 01:02:53 1IizF9-0004Sx-4u Unfrozen by auto-thaw
> 2007-10-22 01:02:53 1IizF9-0004Sx-4u ** tv [at] lyceefrancais:
> Unrouteable address
> 2007-10-22 01:02:53 1IizF9-0004Sx-4u Frozen (delivery error message)
> 2007-10-22 01:02:53 1IixJx-0000be-UN Unfrozen by auto-thaw
> 2007-10-22 01:02:54 1IixJx-0000be-UN ** udxhxj [at] lyceefrancais:
> Unrouteable address
> 2007-10-22 01:02:54 1IixJx-0000be-UN Frozen (delivery error message)
> 2007-10-22 01:02:54 1IiyQG-00048A-9f Unfrozen by auto-thaw
> 2007-10-22 01:02:54 1IiyQG-00048A-9f ** xahe [at] lyceefrancais:
> Unrouteable address
> 2007-10-22 01:02:54 1IiyQG-00048A-9f Frozen (delivery error message)
> 2007-10-22 01:02:54 1IizJM-0004Uw-8k Unfrozen by auto-thaw
> 2007-10-22 01:02:54 1IizJM-0004Uw-8k ** gl [at] lyceefrancais:
> Unrouteable address
> 2007-10-22 01:02:54 1IizJM-0004Uw-8k Frozen (delivery error message)
> 2007-10-22 01:02:54 1Ij06y-0004q8-MV Unfrozen by auto-thaw
> 2007-10-22 01:02:54 1Ij06y-0004q8-MV ** lofgam [at] lyceefrancais:
> Unrouteable address
> 2007-10-22 01:02:54 1Ij06y-0004q8-MV Frozen (delivery error message)
> 2007-10-22 01:02:54 1Ij1WP-0005Qc-IX Unfrozen by auto-thaw
> 2007-10-22 01:02:54 1Ij1WP-0005Qc-IX ** v [at] lyceefrancais:
> Unrouteable address
> 2007-10-22 01:02:54 1Ij1WP-0005Qc-IX Frozen (delivery error message)
> 2007-10-22 01:02:54 1Ij5PQ-00076J-Fs Unfrozen by auto-thaw
> 2007-10-22 01:02:54 1Ij5PQ-00076J-Fs ** rxpwh [at] lyceefrancais:
> Unrouteable address
> 2007-10-22 01:02:54 1Ij5PQ-00076J-Fs Frozen (delivery error message)
> 2007-10-22 01:02:54 1Ij8LN-0008K6-7C Unfrozen by auto-thaw
> 2007-10-22 01:02:54 1Ij8LN-0008K6-7C ** ofv [at] lyceefrancais:
> Unrouteable address
> 2007-10-22 01:02:54 1Ij8LN-0008K6-7C Frozen (delivery error message)
> 2007-10-22 01:02:54 1Ij8Lx-0008KK-Pa Unfrozen by auto-thaw
> 2007-10-22 01:02:54 1Ij8Lx-0008KK-Pa ** sgcgd [at] lyceefrancais:
> Unrouteable address
> 2007-10-22 01:02:54 1Ij8Lx-0008KK-Pa Frozen (delivery error message)
> 2007-10-22 01:02:54 End queue run: pid=4879
> 2007-10-22 01:03:02 Connection from [210.23.1.3] refused: too many
> connections
>
> ***
> I guess it's a spammer trying to use our email domain name to send his
> messages.
> If you have any idea. I will also accept insults if i missed something
> in documentation :)
>
> Thank you in advance.
>
> Paul.
>

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


holborn-exim at real-life

Oct 26, 2007, 4:08 AM

Post #4 of 5 (858 views)
Permalink
Re: SMTP timeout [In reply to]

Paul LUNETTA wrote:
> Hi,
>
> I am pretty sure that i have a breach in my security.
> I doubled the capacity of SMTP accepted
>
> smtp_accept_max = 100 (instead of 50)
> smtp_accept_max_per_host = 50 (instead of 25)
>
> and it has been fullfilled while there was only 2 internal users connected !
>
> I made some "open relay" tests. All say "ok"
> How can I really test my security and/or trace these spammers ?
>
> Thank you if you can help and sorry for my poor english.

I note that in the original post (tho obfusicated), that a web
server was involved. Is there a rogue cgi which is being used
to submit mail perchance? You could check your web logs to
confirm.

Regards

D.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


sysadmin at lyceefrancais

Oct 28, 2007, 6:55 PM

Post #5 of 5 (853 views)
Permalink
Re: SMTP timeout [In reply to]

Hi Drav,

Thank you for your answer.
My web server and email server are the same.

I don't know what to look for in the web logs.
I just looked in the acces_log and find one GET on awstats cgi that
doesn't seems abnormal.
Could you help me ?

Regards

Paul.


Drav Sloan a écrit :
> Paul LUNETTA wrote:
>
>> Hi,
>>
>> I am pretty sure that i have a breach in my security.
>> I doubled the capacity of SMTP accepted
>>
>> smtp_accept_max = 100 (instead of 50)
>> smtp_accept_max_per_host = 50 (instead of 25)
>>
>> and it has been fullfilled while there was only 2 internal users connected !
>>
>> I made some "open relay" tests. All say "ok"
>> How can I really test my security and/or trace these spammers ?
>>
>> Thank you if you can help and sorry for my poor english.
>>
>
> I note that in the original post (tho obfusicated), that a web
> server was involved. Is there a rogue cgi which is being used
> to submit mail perchance? You could check your web logs to
> confirm.
>
> Regards
>
> D.
>
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

exim users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.