blocked with too many connections port 465

[jlucho]

hi guys


I am receiving alerts of this type
more than 2 thousand connections to port 465

====================
Subject:

lfd on s1.MyServer.com: 200.x.y.76 blocked with too many connections
====================
Body:

Time: Thu Jul 27 15:32:37 2023 -0500
IP: 200.x.y.76
Connections: 2607
Blocked: Temporary Block for 1800 seconds [CT_LIMIT]

Connections:
tcp: 200.x.y.76:26717 -> 67.x.y.58:465 (SYN_RECV)
tcp: 200.x.y.76:61086 -> 67.x.y.58:465 (SYN_RECV)
tcp: 200.x.y.76:62815 -> 67.x.y.58:465 (SYN_RECV)
tcp: 200.x.y.76:65139 -> 67.x.y.58:465 (SYN_RECV)
tcp: 200.x.y.76:63776 -> 67.x.y.58:465 (SYN_RECV)



How can you solve this excessive or abuse of connection attempts?

 

[jlucho]

I have this configuration
CT_LIMIT=50
CT_INTERVAL=30
CT_BLOCK_TIME =3600
CONNLIMIT = 465;50

 

[retechpro]

I have this configuration
CT_LIMIT=50
CT_INTERVAL=30
CT_BLOCK_TIME =3600
CONNLIMIT = 465;50

Faced the same issue yesterday. Received exim down again and again. I checked the connection on smtp and there was lot of ips that were connecting and all are bot types. I blocked all of these and then issue resolved.

 

[cPRex]

Hey there! There isn't anything you need to solve here as LFD is doing its job and blocking the connections. You may want to ensure you have CSF/LFD configured to permanently ban those IPs so they can't try to connect again.