exim "too many connections" ..how to block in iptables?

firebit

Lately I'm getting way too many errors like these on my exim_mainlog:

2006-04-25 06:31:03 Connection from [82.253.87.242] refused: too many connections
2006-04-25 06:31:03 Connection from [151.38.243.112] refused: too many connections
2006-04-25 06:31:05 Connection from [81.44.111.148] refused: too many connections
2006-04-25 06:31:06 Connection from [201.254.157.130] refused: too many connections
2006-04-25 06:31:08 Connection from [165.165.237.38] refused: too many connections
2006-04-25 06:31:08 Connection from [217.132.36.246] refused: too many connections

Is there any way to automatically block these through iptables? Or is there any script available?
 

WebViper

kernel upgrade ?

I spoke with BobCares and they said that there is no way a kernel upgrade would solve this issue. If any other people resolved this issue with a kernel upgrade, please post it!

Again, if any other people resolved this issue with a kernel upgrade, please post it!



The stuff Nick and cpanel did did not resolve our issue as we thought!
 

ivankovalenko

Guys, the lines mentioned above mean that exim can't accept connections from the hosts in square brackets because it has already reached smtp_max_connect. It's not necessary that those hosts are evil. Maybe some other IP has smtp'ed your exim up. So you'd better check the smtp_accept_max_per_host setting, which limits incoming SMTP connections per host.

Also, you should use your iptables filter to the full. Check incoming SYN packets on port 25 and limit them to some reasonable value (man iptables). And so on...
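
Added example, not part of the original posts: a small Python tally over the "refused: too many connections" lines that shows whether refusals come from a few repeating hosts or are spread across many, which is the distinction the post above draws. The 192.0.2.10 lines, the last log line and the function name are constructed for illustration.

```python
import re
from collections import Counter

# Matches the refusal line format quoted in the first post.
REFUSED = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}):\d{2} "
    r"Connection from \[([0-9A-Fa-f.:]+)\] refused: too many connections"
)

# First six lines are from the thread; the rest are constructed sample input.
SAMPLE_LOG = """\
2006-04-25 06:31:03 Connection from [82.253.87.242] refused: too many connections
2006-04-25 06:31:03 Connection from [151.38.243.112] refused: too many connections
2006-04-25 06:31:05 Connection from [81.44.111.148] refused: too many connections
2006-04-25 06:31:06 Connection from [201.254.157.130] refused: too many connections
2006-04-25 06:31:08 Connection from [165.165.237.38] refused: too many connections
2006-04-25 06:31:08 Connection from [217.132.36.246] refused: too many connections
2006-04-25 06:32:01 Connection from [192.0.2.10] refused: too many connections
2006-04-25 06:32:01 Connection from [192.0.2.10] refused: too many connections
2006-04-25 06:32:02 Connection from [192.0.2.10] refused: too many connections
2006-04-25 06:32:04 Connection from [192.0.2.10] refused: too many connections
2006-04-25 06:32:05 unrelated log line (constructed, must be ignored)
""".splitlines()

def summarize(lines, repeat_threshold=3):
    """Tally refusals per source IP and per minute.

    A refused host is one that arrived after the limit was hit, not
    necessarily the one holding the slots, so repeaters are a hint for
    review and not a block list.
    """
    per_ip, per_minute = Counter(), Counter()
    for line in lines:
        m = REFUSED.match(line)
        if m:
            per_minute[m.group(1)] += 1
            per_ip[m.group(2)] += 1
    total = sum(per_ip.values())
    repeaters = {ip: n for ip, n in per_ip.items() if n >= repeat_threshold}
    return {
        "refused": total,
        "distinct_ips": len(per_ip),
        "repeaters": repeaters,
        # Share of refusals caused by repeating hosts: low means spread out.
        "repeater_share": sum(repeaters.values()) / total if total else 0.0,
        "peak_minute": per_minute.most_common(1)[0] if per_minute else None,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A low repeater share, as in the six lines from the thread where every address appears once, means per-address blocking will not help; a high share points at the per-host limit.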
 

chirpy

Indeed. I'm not sure if the second poster is in the wrong thread, since this has nothing to do with the kernel. Your exim connections are being flooded and you need to curtail them as ivankovalenko suggests, or have a trawl over at www.exim.org. Also, make sure that you're not using any exim ACLs that use the delay command, which can also make this happen.
 

IPSecureNetwork

exim attack

Uhmm, maybe you are under some kind of attack with a botnet against port 25.
If you use apf and you do not have customers with the CIDR connected to port 25, just block them with apf -d 151.0.0.0/8 for example, or if you want to be a little more specific, make this kind of ban: apf -d 151.38.0.0/8