Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 4th March 2010, 03:26
unixfox unixfox is offline
Member
 
Join Date: Oct 2006
Posts: 33
Thanks: 0
Thanked 0 Times in 0 Posts
Default Postfix generating lots of processes, mail stopped

For some reason my mail has stopped working, well almost. The server is so slow I can hardly do anything with it. I noticed postfix generating lots of processess like the ones below. These are just a few.

Also, I am noticing a lot of things showing up when I do a netstat -tap. You can see those below the postfix processes that I have posted here. There are at least a hundred of these.

What can I do to stop this? Thanks in advance!

postfix 4067 3633 0 20:12 ? 00:00:00 anvil -l -t unix -u
postfix 4442 3633 0 20:15 ? 00:00:00 cleanup -z -t unix -u
postfix 4484 3633 0 20:15 ? 00:00:00 smtpd -n smtp -t inet -u -v
postfix 4752 3633 0 20:17 ? 00:00:00 scache -l -t unix -u
postfix 4767 3633 0 20:17 ? 00:00:00 cleanup -z -t unix -u
postfix 4769 3633 0 20:17 ? 00:00:00 smtp -t unix -u
postfix 4771 3633 0 20:17 ? 00:00:00 smtp -t unix -u
postfix 4772 3633 0 20:17 ? 00:00:00 smtp -t unix -u
postfix 4774 3633 0 20:17 ? 00:00:00 smtp -t unix -u
postfix 5080 3633 0 20:19 ? 00:00:00 smtpd -n smtp -t inet -u -v
postfix 5343 3633 0 20:21 ? 00:00:00 bounce -z -t unix -u
postfix 5437 3633 0 20:22 ? 00:00:00 bounce -z -t unix -u
postfix 5460 3633 0 20:22 ? 00:00:00 bounce -z -n defer -t unix -u
postfix 5461 3633 0 20:22 ? 00:00:00 bounce -z -n defer -t unix -u
postfix 5462 3633 0 20:22 ? 00:00:00 bounce -z -n defer -t unix -u
postfix 5463 3633 0 20:22 ? 00:00:00 bounce -z -n defer -t unix -u

netstat -tap

tcp 1 1 www.selectgroupusa.co:36447 imp-1.mail.tiscali.it:smtp CLOS
ING -
tcp 1 1 www.selectgroupusa.co:56822 xm-cos4.infosec.fedex.:smtp CLOS
ING -
tcp 1 1 www.selectgroupusa.co:57643 mx4.uk.tiscali.com:smtp CLOS
ING -
tcp 1 1 www.selectgroupusa.co:45326 rmail-177.hanmail.net:smtp CLOS
ING -
tcp 0 1 www.selectgroupusa.co:51501 www.globalsources.com:smtp SYN_
SENT -
tcp 0 1 www.selectgroupusa.co:35687 74-117-114-85.parked.c:smtp SYN_
SENT 3716/smtp
tcp 0 1 www.selectgroupusa.co:43625 coldwellbankermaryland:smtp SYN_
SENT -
tcp 1 1 www.selectgroupusa.co:59541 rmail-261.hanmail.net:smtp CLOS
ING -
tcp 1 1 www.selectgroupusa.co:56219 aimail3.emirates.net.a:smtp CLOS
ING -
tcp 1 1 www.selectgroupusa.co:41566 customer-filter-4.mail:smtp CLOS
ING -
tcp 1 1 www.selectgroupusa.co:41567 customer-filter-4.mail:smtp CLOS
Reply With Quote
Sponsored Links
  #2  
Old 4th March 2010, 11:20
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,478
Thanks: 813
Thanked 5,255 Times in 4,121 Posts
Default

Looks like someone is attacking your email server.

1) Any errors in the mail log?
2) Check your server if it is a open relay:

http://www.abuse.net/relay.html
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 4th March 2010, 23:43
unixfox unixfox is offline
Member
 
Join Date: Oct 2006
Posts: 33
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I tested for relay and all looks good.

>>> RSET
<<< 250 Ok
>>> MAIL FROM:<spamtest@abuse.net>
<<< 250 Ok
>>> RCPT TO:<securitytest@abuse.net>
<<< 554 <securitytest@abuse.net>: Relay access denied

I've turned off Postfix and Dovecot just to see if it made a difference in the performance. It didn't. something is bogging down the server to a crawl but I can't seem to nail it down.

any suggestions?

Thanks all!
Reply With Quote
  #4  
Old 5th March 2010, 10:01
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,478
Thanks: 813
Thanked 5,255 Times in 4,121 Posts
Default

Check the server with the top command. The processes listet at the top of the list are consuming the most resources.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 8th March 2010, 18:49
unixfox unixfox is offline
Member
 
Join Date: Oct 2006
Posts: 33
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by till View Post
Looks like someone is attacking your email server.

1) Any errors in the mail log?
2) Check your server if it is a open relay:

http://www.abuse.net/relay.html

I see literally hundreds of these in my mail log. I cannot find where they are coming from.

Mar 8 11:45:01 home postfix/qmgr[22129]: 6EE2C560180: to=<paintsil.abraham@yaho
o.com>
, relay=none, delay=239608, status=deferred (delivery temporarily suspende
d: connect to g.mx.mail.yahoo.com[98.137.54.238]: server refused to talk to me:
421 4.7.1 [TS03] All messages from 24.116.175.13 will be permanently deferred; R
etrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html )
Mar 8 11:45:01 home postfix/qmgr[22129]: 657155A1942: from=<>, size=11258, nrcp
t=1 (queue active)

The same email address shows up in almost all of them.

Any solution?

Thanks
Reply With Quote
  #6  
Old 8th March 2010, 19:44
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,478
Thanks: 813
Thanked 5,255 Times in 4,121 Posts
Default

1) Does your server ahs a fixed IP or dynamic IP?
2) Whats the result of the open relay check?
3) Check if your server is on a email blacklist.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #7  
Old 8th March 2010, 20:01
unixfox unixfox is offline
Member
 
Join Date: Oct 2006
Posts: 33
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by till View Post
1) Does your server ahs a fixed IP or dynamic IP?
2) Whats the result of the open relay check?
3) Check if your server is on a email blacklist.
I have a fixed IP address.
The open relay test shows no relaying allowed.
Not sure about black lists yet.

I'll check those, but it's weird that the server would be extremely slow.

Thanks Till!
Reply With Quote
  #8  
Old 9th March 2010, 15:34
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
 
Default

You can run a blacklist check here: http://mxtoolbox.com/blacklists.aspx
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
How cai remove amavis from postfix ? gabrix Server Operation 16 2nd October 2012 09:58
Why did Squirrelmail, Dovecot/IMAP & Outbound mail break? websissy Technical 4 29th October 2009 22:39
Postfix + postfixadmin = SMTP errors... Rashef Server Operation 4 25th June 2009 16:12
localhost postfix/master: fatal: bind 127.0.0.1 port 125: Permission denied g18c Installation/Configuration 4 24th March 2009 17:39
Core 4: Error Messages on Fresh Install re CTX/SSL jjw Installation/Configuration 30 6th September 2006 12:16


All times are GMT +2. The time now is 07:08.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.