SMTP connection limits
  •  
kokhong

Hi All,

Does anyone have experience dealing with a sudden surge of incoming SMTP connections? Nothing that we do seems to clear the number of SMTP connections.

We have raised the max from 100 to 1000 connections, but it maxes out rather quickly. In the SMTP logs, we see a lot of blank from:<> to random addresses@ourdomain.

Our mail server has 2Gb of RAM... would it be able to handle, say, 10,000 connections? Is there a better way to handle this problem other than increasing connection counts and waiting for the problem to subside?

Thanks,
Kok-Hong
  •  
Tr!une

I would say you are probably getting slammed with viruses. The only other email that causes the blank from:<> is the return receipts, if you have someone sending out massive recipient messages and requesting a Read or Delivered Receipt. But if they are coming to random addresses, I would point at viruses.

Try blocking them using the Blacklists Tab under the SMTP Server config. I use SORBS (dnsbl.sorbs.net) and SPAMHAUS (sbl-xbl.spamhaus.org). One of them maintains a list of infected computers and blocks email from that IP (not legit email through their ISP, just viruses and spam from the IP).

Hope that helps
  •  
jbordeau

Hi all,
There is one solution: try adding a filter rule!
See below:
Add a new rule (Spam Filter menu) ->
Field: From is missing: reject!
I have the same problem!...

JB
  •  
jshaw541

Tr!une wrote on Fri, 10 December 2004 10:23

I would say you are probably getting slammed with viruses. The only other email that causes the blank from:<> is the return receipts, if you have someone sending out massive recipient messages and requesting a Read or Delivered Receipt. But if they are coming to random addresses, I would point at viruses.

Try blocking them using the Blacklists Tab under the SMTP Server config. I use SORBS (dnsbl.sorbs.net) and SPAMHAUS (sbl-xbl.spamhaus.org). One of them maintains a list of infected computers and blocks email from that IP (not legit email through their ISP, just viruses and spam from the IP).

Hope that helps


Blacklists aren't going to filter out this flood of SMTP connections. Blacklists block after the connections are made and initialized.

The blacklist functionality in KMS has (had? I never heard back from my bug report) some serious performance limitations. It would often crash KMS under heavier loads.

You should see "Sender-Host:" fields in your log entries for all these sessions. Where do they point to? Local network? Outside network? A specific segment of an outside network?

It's quite possibly viral activity or a spammer's malfunctioning spamware. But is it in your boat?

Kerio MailServer 6.7.1 w/AD
Windows Server 2003 SP 1
Dell PowerEdge 2850 (Dual Xeon 3.2ghz and 2 GB RAM)
~1300 users
~1000+ concurrent IMAPS connections
iPhone users
Outlook 2007 KOFF users
Apple iCal 10.5/10.6 users
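
The triage suggested in the post above (where do the blank-sender sessions point to: local network, outside network, or one outside segment?), as an added example that is not part of the original thread or of Kerio's tooling. The log line layout and the internal ranges are assumptions; only the "Sender-Host:" field and the empty `From: <>` sender come from the thread.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines; the layout is an assumption, not Kerio's real format.
SAMPLE_LOG = """\
[10/Dec/2004 10:01:02] Recv: Sender-Host: 203.0.113.5, From: <>, To: <qx1@example.test>
[10/Dec/2004 10:01:02] Recv: Sender-Host: 203.0.113.77, From: <>, To: <zz9@example.test>
[10/Dec/2004 10:01:03] Recv: Sender-Host: 198.51.100.20, From: <>, To: <abc@example.test>
[10/Dec/2004 10:01:03] Recv: Sender-Host: 192.168.1.14, From: <alice@example.test>, To: <bob@example.test>
[10/Dec/2004 10:01:04] Recv: Sender-Host: 203.0.113.9, From: <>, To: <k3j@example.test>
[10/Dec/2004 10:01:05] Recv: Sender-Host: 192.168.1.30, From: <>, To: <carol@example.test>
[10/Dec/2004 10:01:06] Recv: Sender-Host: mail.example.net, From: <>, To: <q@example.test>
"""

HOST_RE = re.compile(r"Sender-Host:\s*\[?([^\s,\]]+)", re.I)
NULL_FROM_RE = re.compile(r"From:\s*<>", re.I)
# Assumed internal ranges; replace with the site's own LAN prefixes.
INTERNAL = [ipaddress.ip_network("192.168.0.0/16"), ipaddress.ip_network("10.0.0.0/8")]


def summarize(log_text, v4_prefix=24, v6_prefix=64):
    """Count null-sender sessions per source network, split internal/external."""
    counts = {"internal": Counter(), "external": Counter(), "unparsed": Counter()}
    for line in log_text.splitlines():
        host = HOST_RE.search(line)
        if not host or not NULL_FROM_RE.search(line):
            continue  # not a blank-sender session
        try:
            ip = ipaddress.ip_address(host.group(1))
        except ValueError:
            # Host logged as a name rather than an address: keep it visible.
            counts["unparsed"][host.group(1)] += 1
            continue
        prefix = v4_prefix if ip.version == 4 else v6_prefix
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        side = "internal" if any(ip in n for n in INTERNAL) else "external"
        counts[side][str(net)] += 1
    return counts


if __name__ == "__main__":
    for side, nets in summarize(SAMPLE_LOG).items():
        for net, n in nets.most_common(10):
            print(f"{side:9} {net:20} {n}")
```

A single network dominating the external counts points at one misbehaving source; a flat spread over many networks, or any internal entry, changes what kind of control is worth applying.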
  •  
Tr!une

True, it blocks it after the connection is made, but before KMS puts much effort into the connection. The block would prevent KMS from further trying to handle the "no such user" response or routing the spam. That would make the connect/disconnect quicker. Much better than the rule filter solution anyway.


I run the blacklist feature on 5.7.10 and it is chugging along fine. But we are less than 100 users, so not super heavy loads.

I do concur that it would be worthwhile to rule out one of the internal network connections.
  •  
jshaw541

Tr!une wrote on Fri, 10 December 2004 11:36

True, it blocks it after the connection is made, but before KMS puts much effort into the connection. The block would prevent KMS from further trying to handle the "no such user" response or routing the spam. That would make the connect/disconnect quicker. Much better than the rule filter solution anyway.


I run the blacklist feature on 5.7.10 and it is chugging along fine. But we are less than 100 users, so not super heavy loads.

I do concur that it would be worthwhile to rule out one of the internal network connections.


We seem to be averaging about 15-20 SMTP connections at any given time (according to my graphs) with frequent peaks of 50 to even 100 SMTP connections (probably spammers ;). We have roughly 1300 pretty active users running fine on a single KMS box (well, as long as blacklists are turned off ;).

We're now running a forward mail gateway using linux/postfix/amavisd-new+spamassassin that significantly cuts off the spam and virus loads from our KMS server.

  •  
kokhong

Thanks guys for the replies...

Will keep the list updated as we continue to monitor the situation... We may try to tweak the smtp send/recv timeout values and see if that helps.

We had enabled a number of blacklists and rules but those didn't seem to help... 2 hr ave is 80,000 connections... All connections coming from external IP ranges...

Although we had set Kerio to ignore limits for internal IP ranges, internal clients are unable to get SMTP or POP connections reliably... they keep being refused connections.
  •  
jshaw541

Quote:


Although we had set Kerio to ignore limits for internal IP ranges, internal clients are unable to get SMTP or POP connections reliably... they keep being refused connections.


This is what we experienced when we made use of several blacklists. If I remember correctly, a Kerio tech said that when you enable a lot of blacklists, SMTP timeouts can occur, because SMTP connections must sit and wait for several blacklist DNS name resolutions to occur.

I could be wrong, it could be the Actifed talking.
