Security Basics mailing list archives

rblsmtpd problem


From: "damian solari" <damiansolari () gmail com>
Date: Thu, 11 Jan 2007 12:00:32 -0300

Hi, list.

I'm the system administrator of an ISP in Uruguay and between 7th and
8th January I had the following problem with the SMTP server:

The mail server is running Qmail with tcpserver and daemontools, and
during the days I have just mentioned it generated an excess of
connections of the rblsmtpd program. This happened because whenever
the program made a query to bl.spamcop.net the connection stayed in
"close_wait" state, and the consequence was about 92 or 115
connections in "close_wait" state. This caused the server to stop
accepting more SMTP connections and it didn't allow the clients to
connect to the server and send mail.

As the primary mail server didn't accept more connections, these
connections were sent to the secondary mail server, which finally was
saturated (since we have nearly 1300 clients). I restarted the server,
but the rblsmtpd connections in "close_wait" state increased
immediately, and the server returned to the previous behavior (not
accepting more SMTP connections).

Finally I realized that the solution to the problem was "killing" the
rblsmtpd connections that were in "close_wait" state and then the
clients were able to connect again to the server without having any
problem. Therefore, the only idea I could think of was creating a
script that verified the rblsmtpd connections in "close_wait" state
every 5 minutes and "killed" them.

I would be grateful if you could please suggest a better solution
to this problem than what I thought of.

I also need to know how much time rblsmtpd takes to make a
query and if every time it makes a query the connection is closed
immediately (is this the way it works?)

Thank you,


Damián


P.S.: my concurrency for incoming SMTP connections is set to 70 at the moment.
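
Added example, not part of the original message: a monitoring check for the condition described above, reporting rblsmtpd sockets in CLOSE_WAIT and raising an alarm before they fill the tcpserver concurrency limit instead of killing them blindly every 5 minutes. It assumes the Linux net-tools `netstat -tnp` column layout; the function names, the sample lines and the 50% threshold are constructed for illustration.

```shell
#!/bin/sh
# Added example: find CLOSE_WAIT sockets owned by one program.
# Assumption: input uses the Linux net-tools `netstat -tnp` layout
# (run as root, otherwise the PID/Program column shows "-").

# Constructed sample output, not captured from the poster's server.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        1      0 192.0.2.10:25           198.51.100.7:41234      CLOSE_WAIT  2311/rblsmtpd
tcp        0      0 192.0.2.10:25           198.51.100.9:50112      ESTABLISHED 2320/qmail-smtpd
tcp        1      0 192.0.2.10:25           203.0.113.44:38811      CLOSE_WAIT  2342/rblsmtpd
tcp        0      0 192.0.2.10:25           203.0.113.80:40022      ESTABLISHED 2350/rblsmtpd
tcp        1      0 192.0.2.10:22           198.51.100.3:51000      CLOSE_WAIT  900/sshd
EOF
}

# Read netstat output on stdin; print "PID remote_address" for every
# CLOSE_WAIT socket whose owning program matches $1 exactly.
stuck_sockets() {
    awk -v prog="$1" '
        $1 ~ /^tcp/ && $6 == "CLOSE_WAIT" {
            split($7, owner, "/")      # field 7 is PID/Program name
            if (owner[2] == prog) print owner[1], $5
        }'
}

# Exit status 0 (alarm) when the stuck sockets reach pct percent of
# the concurrency limit; always prints a one-line summary for logging.
check_saturation() {
    prog="$1"; limit="$2"; pct="$3"
    count=$(stuck_sockets "$prog" | wc -l | tr -d ' ')
    echo "$prog CLOSE_WAIT=$count limit=$limit"
    [ $((count * 100)) -ge $((limit * pct)) ]
}

# Demonstration on the constructed sample.
sample_netstat | stuck_sockets rblsmtpd
```

On a live server the call would be `netstat -tnp | check_saturation rblsmtpd 70 50`, where 70 is the concurrency value given in the message; logging the remote addresses shows which clients leave the sockets behind.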


