Results 1 to 5 of 5
  1. #1

    Question Mail Server starts and server freeze

    Hello,



    i have mail problem for last two days 13th February and 14th February. But last two days i did not any update for mail server or no other servers.



    So when i ask the my hosting firm about problem, they say this may be an attack to port 25. But up to now we have any solution.



    Now i want to say all informations in my mind to explain the problem on the server.



    In our web server we have 235 virtual servers, 235 web sites and 1079 mail/ftp users and 193 (maybe actually less than 193 in use) Mysql db.



    The most active domain is sakaryarehberim.com. This is our own sites. In this site we sent ourselves mails about users form activities. But i do not think this is cause of problem. So before this there is no problem in mail traffic.



    Some of other domains mail quotas may be exceeded. But before this, we did not have about this quota exceeding.



    When the problem occurs process count increase from 170-250 to 700-800. So the CPU wa percentage is close to 100% like 90-98%, and the server down. And unless shutting down Postfix mail server, web server freeze. And it takes 20-30 minutes to turn normal state of server.



    When process number 700-800 a lot of lookup-domain.p process shown in top function. After shutting down Postfix server while process number 300-350 a lot of miniserv.pl and miniserv.pl <defunct> process.



    And i restart the postfix mail server in 2030 second process number reach to 700-800 again.



    Thank you for your help.



    Tamer UZUN

  2. #2
    Join Date
    Feb 2004
    Location
    UK
    Posts
    1,431
    Hi

    If you have pinned it down to postfix, you may have a large number of emails waiting to be sent.

    Do you have spamassassin configured to work with postfix ?

    Whilst postfix is shut down. have you looked at the logs for postfix ?

    it may tell you if you are getting hundreds of connections..

    In order to get rid of the queue, you may have to tweak the settings in postfix (if that is the problem)

    Thanks

  3. #3
    thank you.

  4. #4
    Join Date
    Dec 2007
    Posts
    32
    Something to check would be how email to a non existent address is handled. I know that a couple of resellers on my server had set their email up in cpanel so that all rejected mail got sent to the main account for that domain. When a large spam run came in, the mail queue got overloaded with so much email that the queue and the email directories for a couple of accounts had to be deleted manually.

    When they set their accounts to reject mail that is to a non existent email account right away, the problem went away as well. In this case the problem was a couple of domains that had been around for quite a while and are spam targets as a result.

  5. #5
    Join Date
    Feb 2008
    Location
    Houston, Texas, USA
    Posts
    3,262
    Quote Originally Posted by illaki View Post
    Hello,



    i have mail problem for last two days 13th February and 14th February. But last two days i did not any update for mail server or no other servers.



    So when i ask the my hosting firm about problem, they say this may be an attack to port 25. But up to now we have any solution.

    Tamer UZUN
    This is a known case of a directed spam attack. I've witnessed this issue with some high profile sites. The unintended side effect is that your server cannot handle the load (both at the IO and CPU level).

    It is possible to prevent this attack especially if the attackers use infected hosts to conduct their spamming (distributed). You could exploit the fact that most of these rogue SMTP connections are RFC-ignorant.

    So for example, you could use Nolisting (bogus front line MX) or greeting delay. Hopefully, your provider can accommodate for these simple configurations.

    As a last resort, check out email service provider that can scrub your email for you.

    Good luck
    UNIXy - Fully Managed Servers and Clusters - Established in 2006
    Server Management - Unlimited Servers. Unlimited Requests. One Plan!
    cPanel Varnish Plugin -- Seamless SSL Caching (Let's Encrypt, AutoSSL, etc)
    Slow Site or Server? Unable to handle traffic? Same day performance fix: joe@unixy

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •