[Users] About many connections in SMTP

Roman Kagan rkagan at sw.ru
Fri May 11 06:31:48 EDT 2007 

On Thu, May 10, 2007 at 09:35:31AM -0500, José David Bravo Álvarez wrote:
> Im using Exim 4.60, that comes with DirectAdmin. I have 
> smtp_accept_max in 130 and sometimes Im getting this error: "421 Too 
> many concurrent SMTP connections; please try again later."
> 
> I used exiwhat and netstat and I determine that yahoo servers have many 
> incoming connections to my server. Triying to determine the problem I 
> used an sniffer, its an example:
> 
> SNIFFER OUTOUT
> 250 OK
> 250 Accepted
> 354 Enter message, ending with "." on a line by itself
> 250 OK id=1HlpNN-0000Rm-7w
> QUIT
> 221 exodo.colombiahosting.com.co closing connection
> 14     FIN-WAIT-1     209.191.125.35:29978 > 66.128.49.69:smtp
> 14     TIME-WAIT      209.191.125.35:29978 > 66.128.49.69:smtp
> 14     RESET          209.191.125.35:29978 > 66.128.49.69:smtp

This log seems incomplete; however, the 'QUIT' command is processed
correctly, and the connection is closed.

> -bash-3.00#  netstat -an | grep 209.191.125.35
> tcp        0      0 66.128.49.69:25             
> 209.191.125.35:27139        ESTABLISHED
> tcp        0      0 66.128.49.69:25             
> 209.191.125.35:39853        ESTABLISHED

209.191.125.35:29978 doesn't appear on this list: everything's fine.

> -bash-3.00# exiwhat | grep 209.191.125.35
> 7549 handling incoming connection from web38404.mail.mud.yahoo.com 
> [209.191.125.35] id=1Hlow6-0001xl-It
> 23792 handling incoming connection from web38404.mail.mud.yahoo.com 
> [209.191.125.35] id=1HloZ6-0006Bk-UK
> 
> 
> and 20 minutes later I do netstat again and I get the same info. Then 
> the connections never close
> -bash-3.00# netstat -an | grep 209.191.125.35
> tcp        0      0 66.128.49.69:25             
> 209.191.125.35:27139        ESTABLISHED
> tcp        0      0 66.128.49.69:25             
> 209.191.125.35:39853        ESTABLISHED

In the normal SMTP flow the session termination is initiated by the
client by sending 'QUIT' command, and, AFAICS, it's processed correctly.
Thus what you observe - the connections remaining in ESTABLISHED state -
can be due to either of the two reasons

- your exim has too big timeouts for idle sessions
- the client keeps the session alive by talking to the server

To be sure, however, you can try the following:

1) identify the stalled connection

2) note the remote address and port number, and the pid of the process
   that serves this connection (you can use netstat -tp for that)

3) run

   strace -v -p server_pid
   
   and watch the output

4) (at the same time, in another terminal) run

   tcpdump -A -n -v host remote_addr and port remote_port

   and watch the output.

HTH,
  Roman.

More information about the Users mailing list