Postfix generating lots of processes, mail stopped

Discussion in 'General' started by unixfox, Mar 4, 2010.

  1. unixfox

    unixfox New Member

    For some reason my mail has stopped working, well almost. The server is so slow I can hardly do anything with it. I noticed postfix generating lots of processes like the ones below. These are just a few.

    Also, I am noticing a lot of things showing up when I do a netstat -tap. You can see those below the postfix processes that I have posted here. There are at least a hundred of these.

    What can I do to stop this? Thanks in advance!

    postfix 4067 3633 0 20:12 ? 00:00:00 anvil -l -t unix -u
    postfix 4442 3633 0 20:15 ? 00:00:00 cleanup -z -t unix -u
    postfix 4484 3633 0 20:15 ? 00:00:00 smtpd -n smtp -t inet -u -v
    postfix 4752 3633 0 20:17 ? 00:00:00 scache -l -t unix -u
    postfix 4767 3633 0 20:17 ? 00:00:00 cleanup -z -t unix -u
    postfix 4769 3633 0 20:17 ? 00:00:00 smtp -t unix -u
    postfix 4771 3633 0 20:17 ? 00:00:00 smtp -t unix -u
    postfix 4772 3633 0 20:17 ? 00:00:00 smtp -t unix -u
    postfix 4774 3633 0 20:17 ? 00:00:00 smtp -t unix -u
    postfix 5080 3633 0 20:19 ? 00:00:00 smtpd -n smtp -t inet -u -v
    postfix 5343 3633 0 20:21 ? 00:00:00 bounce -z -t unix -u
    postfix 5437 3633 0 20:22 ? 00:00:00 bounce -z -t unix -u
    postfix 5460 3633 0 20:22 ? 00:00:00 bounce -z -n defer -t unix -u
    postfix 5461 3633 0 20:22 ? 00:00:00 bounce -z -n defer -t unix -u
    postfix 5462 3633 0 20:22 ? 00:00:00 bounce -z -n defer -t unix -u
    postfix 5463 3633 0 20:22 ? 00:00:00 bounce -z -n defer -t unix -u

    netstat -tap

    tcp 1 1 www.selectgroupusa.co:36447 imp-1.mail.tiscali.it:smtp CLOSING -
    tcp 1 1 www.selectgroupusa.co:56822 xm-cos4.infosec.fedex.:smtp CLOSING -
    tcp 1 1 www.selectgroupusa.co:57643 mx4.uk.tiscali.com:smtp CLOSING -
    tcp 1 1 www.selectgroupusa.co:45326 rmail-177.hanmail.net:smtp CLOSING -
    tcp 0 1 www.selectgroupusa.co:51501 www.globalsources.com:smtp SYN_SENT -
    tcp 0 1 www.selectgroupusa.co:35687 74-117-114-85.parked.c:smtp SYN_SENT 3716/smtp
    tcp 0 1 www.selectgroupusa.co:43625 coldwellbankermaryland:smtp SYN_SENT -
    tcp 1 1 www.selectgroupusa.co:59541 rmail-261.hanmail.net:smtp CLOSING -
    tcp 1 1 www.selectgroupusa.co:56219 aimail3.emirates.net.a:smtp CLOSING -
    tcp 1 1 www.selectgroupusa.co:41566 customer-filter-4.mail:smtp CLOSING -
    tcp 1 1 www.selectgroupusa.co:41567 customer-filter-4.mail:smtp CLOS
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Looks like someone is attacking your email server.

    1) Any errors in the mail log?
    2) Check whether your server is an open relay:

    http://www.abuse.net/relay.html
     
  3. unixfox

    unixfox New Member

    I tested for relay and all looks good.

    >>> RSET
    <<< 250 Ok
    >>> MAIL FROM:<spamtest@abuse.net>
    <<< 250 Ok
    >>> RCPT TO:<securitytest@abuse.net>
    <<< 554 <securitytest@abuse.net>: Relay access denied

    I've turned off Postfix and Dovecot just to see if it made a difference in the performance. It didn't. Something is bogging down the server to a crawl but I can't seem to nail it down.

    Any suggestions?

    Thanks all!
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Check the server with the top command. The processes listed at the top of the list are consuming the most resources.
     
  5. unixfox

    unixfox New Member


    I see literally hundreds of these in my mail log. I cannot find where they are coming from.

    Mar 8 11:45:01 home postfix/qmgr[22129]: 6EE2C560180: to=<paintsil.abraham@yahoo.com>, relay=none, delay=239608, status=deferred (delivery temporarily suspended: connect to g.mx.mail.yahoo.com[98.137.54.238]: server refused to talk to me: 421 4.7.1 [TS03] All messages from 24.116.175.13 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html )
    Mar 8 11:45:01 home postfix/qmgr[22129]: 657155A1942: from=<>, size=11258, nrcpt=1 (queue active)

    The same email address shows up in almost all of them.

    Any solution?

    Thanks
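
The pattern in the log excerpt above (repeated deferred deliveries to one recipient, alongside messages logged with from=<>, the empty envelope sender used for bounce notifications) can be tallied with a short script. This is an added example, not part of the original post; the sample log lines, queue IDs and addresses are constructed, and the name summarize is hypothetical.

```python
import re
from collections import Counter

# Constructed sample in Postfix's syslog format; queue IDs, hosts and addresses are
# made up (example.* domains, documentation IP ranges), not taken from the thread.
SAMPLE_LOG = """\
Mar 8 11:44:58 home postfix/qmgr[22129]: A1B2C3D4E5: from=<>, size=11258, nrcpt=1 (queue active)
Mar 8 11:44:59 home postfix/smtp[3716]: A1B2C3D4E5: to=<target@example.com>, relay=none, delay=239608, status=deferred (connect to mx.example.com[192.0.2.10]: server refused to talk to me: 421 4.7.1 All messages from 198.51.100.7 will be permanently deferred)
Mar 8 11:45:01 home postfix/qmgr[22129]: B2C3D4E5F6: from=<>, size=10984, nrcpt=1 (queue active)
Mar 8 11:45:01 home postfix/qmgr[22129]: B2C3D4E5F6: to=<target@example.com>, relay=none, delay=239101, status=deferred (delivery temporarily suspended: connect to mx.example.com[192.0.2.10]: server refused to talk to me: 421 4.7.1 All messages from 198.51.100.7 will be permanently deferred)
Mar 8 11:45:02 home postfix/qmgr[22129]: C3D4E5F6A7: from=<user@example.org>, size=2048, nrcpt=1 (queue active)
Mar 8 11:45:03 home postfix/smtp[3717]: C3D4E5F6A7: to=<friend@example.net>, relay=none, delay=30, status=deferred (connect to mx.example.net[192.0.2.20]:25: Connection timed out)
Mar 8 11:45:04 home postfix/smtp[3718]: D4E5F6A7B8: to=<ok@example.net>, relay=mx.example.net[192.0.2.20]:25, delay=1.2, status=sent (250 2.0.0 Ok: queued as 12345)
"""

# "<queue id>: from=<sender>, size=..., nrcpt=..." (logged when a message becomes active)
FROM_RE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]+): from=<([^>]*)>, size=\d+, nrcpt=\d+")
# "<queue id>: to=<rcpt>, ..., status=<status> (<reason>)" (one per delivery attempt)
TO_RE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]+): to=<([^>]*)>.*?status=(\w+) \((.*)\)\s*$")
# SMTP reply code plus enhanced status code inside the reason text, e.g. "421 4.7.1"
REPLY_RE = re.compile(r"\b[45]\d\d \d\.\d+\.\d+")


def summarize(log_text):
    """Tally deferred deliveries by recipient and reason; list deferred bounces."""
    senders = {}          # queue ID -> envelope sender ("" for from=<>)
    deferred_ids = set()  # queue IDs with at least one deferred delivery
    by_rcpt = Counter()   # recipient -> number of deferred log entries
    reasons = Counter()   # remote reply code (or "no SMTP reply") -> count
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if m:
            senders[m.group(1)] = m.group(2)
            continue
        m = TO_RE.search(line)
        if m and m.group(3) == "deferred":
            deferred_ids.add(m.group(1))
            by_rcpt[m.group(2)] += 1
            reply = REPLY_RE.search(m.group(4))
            reasons[reply.group(0) if reply else "no SMTP reply"] += 1
    # An empty envelope sender (from=<>) marks a bounce notification, not user mail.
    bounces = sorted(q for q in deferred_ids if senders.get(q) == "")
    return {"by_recipient": by_rcpt.most_common(), "deferred_bounces": bounces,
            "reasons": dict(reasons)}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

On a live server the input would be the mail log itself, and `postqueue -p` shows which of those queue IDs are still waiting.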
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    1) Does your server have a fixed IP or a dynamic IP?
    2) What's the result of the open relay check?
    3) Check if your server is on an email blacklist.
     
  7. unixfox

    unixfox New Member

    I have a fixed IP address.
    The open relay test shows no relaying allowed.
    Not sure about black lists yet.

    I'll check those, but it's weird that the server would be extremely slow.

    Thanks Till!
     
  8. falko

    falko Super Moderator ISPConfig Developer
