Security Basics mailing list archives
rblsmtpd problem
From: "damian solari" <damiansolari () gmail com>
Date: Thu, 11 Jan 2007 12:00:32 -0300
Hi, list. I´m the system administrator of an ISP in Uruguay and between 7th and 8th January I had the following problem with the SMTP server: The mail server is running Qmail with tcpserver and daemontools, and during the days I have just mentioned it generated an excess of connections of the rblsmtpd program. This happened because whenever the program made a query to bl.spamcop.net the connection stayed in "close_wait" state, and the consequence was about 92 or 115 connections in "close_wait" state. This caused the server to stop accepting more SMTP connections and it didn´t allow the clients to connect to the server and send mail. As the primary mail server didn´t accept more connections, these connections were sent to the secondary mail server, which finally was saturated -since we have near 1300 clients-. I restarted the server, but the connections rblsmtpd in "close_wait" state increased immediately, and the server returned to the previous behavior -not accepting more SMTP connections-. Finally I realized that the solution to the problem was "killing" the rblsmtpd connections that were in "close_wait" state and then the clients were able to connect again to the server without having any problem. Therefore, the only idea I could think of was creating a script that verified the rblsmtpd connections in "close_wait" state every 5 minutes and "killed" them. I would be grateful if you could please suggest me a better solution to this problem than what I thought of. I also need to know how much time the rblsmtpd takes for making a query and if every time it makes a query the connection is closed immediately (this is the way it works?) Thank you, Damián P.D.: my concurrency incoming of SMTP connections is set to 70 at the moment. --------------------------------------------------------------------------- This list is sponsored by: ByteCrusher Detect Malicious Web Content and Exploits in Real-Time. Anti-Virus engines can't detect unknown or new threats. LinkScanner can. Web surfing just became a whole lot safer. http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect ---------------------------------------------------------------------------
Current thread:
- rblsmtpd problem damian solari (Jan 11)