vadud3 at gmail
Feb 3, 2012, 6:44 PM
Post #3 of 5
On Fri, Feb 3, 2012 at 8:40 PM, Andy Bradford
<amb-sendok-1330911659.fbmioobiocpoaipnkikb [at] bradfords> wrote:
> Thus said Asif Iqbal on Fri, 03 Feb 2012 02:56:56 EST:
>> I am seeing all 120 incoming connections are staying filled up.
> Why are they staying filled up? There are many reasons why this could be
> happening. Is the server under a Denial of Service attack? Or, is it
> just a few hosts that seem to be holding the connection open longer than
> they should? Use tcpdump (or recordio) to find out what's happening.
> It's possible that some spammer just has a broken SMTP client and is not
> QUITing in a suitable amount of time.
> Before you start applying patches and potential solutions, you need to
> identify the actual problem.
I also noticed multiple greylite processes were running for a long time, like below.
(iqbala)@qmail:~$ ps -eo pid,etime,args | grep g[r]ey
12909 03:34:35 /usr/local/bin/greylite /var/qmail/bin/qmail-smtpd
It should not be running longer than a few seconds when the system is working correctly.
So far, the only quick fix was rebooting the mailserver.
Here is how the qmail-smtpd starts:
(iqbala)@qmail:~$ cat /service/qmail-smtpd/run
QMAILDUID=`/usr/xpg4/bin/id -u qmaild`
NOFILESGID=`/usr/xpg4/bin/id -g qmaild`
MAXSMTPD=`head -1 /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
  echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
  exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
  echo "No /var/qmail/control/rcpthosts!"
  echo "Refusing to start SMTP listener because it'll create an open relay"
  exit 1
fi
exec /usr/local/bin/softlimit -m 20000000 \
  /usr/local/bin/tcpserver -v -R -l $LOCAL -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
  -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
  /usr/local/bin/rblsmtpd -t 10 -r bl.spamcop.net -r zen.spamhaus.org \
  /usr/local/bin/greylite /var/qmail/bin/qmail-smtpd 2>&1
# /usr/local/bin/rblsmtpd -t 10 -r rbl.qwestip.net -r bl.spamcop.net -r zen.spamhaus.org \
#/usr/local/bin/greylite /var/qmail/bin/qmail-smtpd 2>&1
#/usr/local/bin/fixcrio /var/qmail/bin/qmail-smtpd 2>&1
I will try to kill all the greylite processes instead of rebooting the
server next time to see if that fixes the 120/120.
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
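
The check described in the post above (greylite processes that stay up far longer than a few seconds), as an added example that is not part of the original message: it parses `ps -eo pid,etime,args` output and lists the PIDs whose elapsed time exceeds a threshold. The function name, the 60-second threshold and all sample lines except the 12909 one are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: list PIDs of a named program
# whose ps elapsed time exceeds a threshold.
# Input on stdin: "pid etime args" lines, as printed by
#   ps -eo pid,etime,args
# etime has the form [[dd-]hh:]mm:ss.
# Assumption: awk supports -v and user functions (on Solaris use nawk or
# /usr/xpg4/bin/awk).

stale_pids() {  # usage: stale_pids MAX_SECONDS NAME < ps-output
    awk -v max="$1" -v name="$2" '
    function to_secs(t,    d, p, n, days) {
        days = 0
        if (split(t, d, "-") == 2) { days = d[1]; t = d[2] }
        n = split(t, p, ":")
        if (n == 3) return days * 86400 + p[1] * 3600 + p[2] * 60 + p[3]
        if (n == 2) return days * 86400 + p[1] * 60 + p[2]
        return days * 86400 + p[1]
    }
    {
        # Compare the basename of the command itself, so a parent such as
        # tcpserver that only has the name in its arguments is not listed.
        k = split($3, path, "/")
        if (path[k] == name && to_secs($2) > max) print $1
    }'
}

# Constructed sample; only the 12909 line is taken from the post.
SAMPLE_PS='  PID     ELAPSED COMMAND
12909    03:34:35 /usr/local/bin/greylite /var/qmail/bin/qmail-smtpd
13021       00:04 /usr/local/bin/greylite /var/qmail/bin/qmail-smtpd
13040  1-02:00:00 /usr/local/bin/greylite /var/qmail/bin/qmail-smtpd
  801 12-07:11:09 /usr/local/bin/tcpserver -v -R 0 smtp /usr/local/bin/greylite'

# Threshold of 60 seconds is an assumed value for "longer than a few seconds".
printf '%s\n' "$SAMPLE_PS" | stale_pids 60 greylite
```

On the live host, feed it `ps -eo pid,etime,args` instead of the sample and review the listed PIDs before acting on them.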