4.7.0 too many connections from Tbird client

Voytek
one of the users reported getting on TBird client:

"Alert an error occurred when sending mail: the mail server sent incorrect
greeting 4.7.0 error too many connections from 110.170.19.146"

# grep '110.170.19.146' /var/log/maillog | wc
   1349   24838  304573

I've tried
# grep 'too many' /var/log/maillog
Jan 23 22:13:24 geko postfix/postscreen[14348]: NOQUEUE: reject: CONNECT
from [113.121.240.227]:64523: too many connections
Jan 23 23:32:43 geko postfix/postscreen[14348]: NOQUEUE: reject: CONNECT
from [113.121.240.227]:55473: too many connections
Jan 24 06:42:00 geko postfix/postscreen[3426]: NOQUEUE: reject: CONNECT
from [49.83.129.9]:65329: too many connections

but that's not related I think?

how can I find this and fix or understand?




Re: 4.7.0 too many connections from Tbird client

Noel Jones-2
On 1/23/2018 3:39 PM, Voytek wrote:
> one of the users reported getting on TBird client:
>
> "Alert an error occurred when sending mail: the mail server sent incorrect
> greeting 4.7.0 error too many connections from 110.170.19.146"
>



Find the error in the postfix log for the user's IP address.  The
postfix error may not be the same as what the user is presented with.




  -- Noel Jones

Re: 4.7.0 too many connections from Tbird client

Voytek
On Wed, January 24, 2018 8:47 am, Noel Jones wrote:

> Find the error in the postfix log for the user's IP address.  The
> postfix error may not be the same as what the user is presented with.


Noel,

thanks

I can only see this, am I using correct search criteria though ??

# grep '110.170.19.146' /var/log/maillog | grep error
Jan 23 20:12:45 geko postfix/smtpd[15596]: SSL_accept error from
110-170-19-146.static.asianet.co.th[110.170.19.146]: lost connection

and

# grep '110.170.19.146' /var/log/maillog | grep "Jan 23 20:12"
Jan 23 20:12:44 geko postfix/smtpd[15596]: connect from
110-170-19-146.static.asianet.co.th[110.170.19.146]
Jan 23 20:12:45 geko postfix/smtpd[15596]: SSL_accept error from
110-170-19-146.static.asianet.co.th[110.170.19.146]: lost connection
Jan 23 20:12:45 geko postfix/smtpd[15596]: lost connection after STARTTLS
from 110-170-19-146.static.asianet.co.th[110.170.19.146]
Jan 23 20:12:45 geko postfix/smtpd[15596]: disconnect from
110-170-19-146.static.asianet.co.th[110.170.19.146] ehlo=1 starttls=0/1
commands=1/2
Jan 23 20:12:52 geko postfix/smtpd[15596]: connect from
110-170-19-146.static.asianet.co.th[110.170.19.146]
Jan 23 20:12:53 geko postfix/smtpd[15596]: Anonymous TLS connection
established from 110-170-19-146.static.asianet.co.th[110.170.19.146]:
TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Jan 23 20:12:54 geko postfix/smtpd[15596]: 0F2D062B9553:
client=110-170-19-146.static.asianet.co.th[110.170.19.146],
sasl_method=PLAIN, sasl_username=[hidden email]
Jan 23 20:12:58 geko postfix/smtpd[15596]: disconnect from
110-170-19-146.static.asianet.co.th[110.170.19.146] ehlo=2 starttls=1
auth=1 mail=1 rcpt=10 data=1 quit=1 commands=17




Re: 4.7.0 too many connections from Tbird client

Noel Jones-2
On 1/23/2018 4:20 PM, Voytek wrote:

> On Wed, January 24, 2018 8:47 am, Noel Jones wrote:
>
>> Find the error in the postfix log for the user's IP address.  The
>> postfix error may not be the same as what the user is presented with.
>
>
> Noel,
>
> thanks
>
> I can only see this, am I using correct search criteria though ??
>
> # grep '110.170.19.146' /var/log/maillog | grep error
> Jan 23 20:12:45 geko postfix/smtpd[15596]: SSL_accept error from
> 110-170-19-146.static.asianet.co.th[110.170.19.146]: lost connection
>

You should grep for "reject:", not error:


> and
>
> # grep '110.170.19.146' /var/log/maillog | grep "Jan 23 20:12"
> Jan 23 20:12:44 geko postfix/smtpd[15596]: connect from
> 110-170-19-146.static.asianet.co.th[110.170.19.146]
> Jan 23 20:12:45 geko postfix/smtpd[15596]: SSL_accept error from
> 110-170-19-146.static.asianet.co.th[110.170.19.146]: lost connection
> Jan 23 20:12:45 geko postfix/smtpd[15596]: lost connection after STARTTLS
> from 110-170-19-146.static.asianet.co.th[110.170.19.146]

a connection fails STARTTLS.

> Jan 23 20:12:45 geko postfix/smtpd[15596]: disconnect from
> 110-170-19-146.static.asianet.co.th[110.170.19.146] ehlo=1 starttls=0/1
> commands=1/2
> Jan 23 20:12:52 geko postfix/smtpd[15596]: connect from
> 110-170-19-146.static.asianet.co.th[110.170.19.146]
> Jan 23 20:12:53 geko postfix/smtpd[15596]: Anonymous TLS connection
> established from 110-170-19-146.static.asianet.co.th[110.170.19.146]:
> TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
> Jan 23 20:12:54 geko postfix/smtpd[15596]: 0F2D062B9553:
> client=110-170-19-146.static.asianet.co.th[110.170.19.146],
> sasl_method=PLAIN, sasl_username=[hidden email]
> Jan 23 20:12:58 geko postfix/smtpd[15596]: disconnect from
> 110-170-19-146.static.asianet.co.th[110.170.19.146] ehlo=2 starttls=1
> auth=1 mail=1 rcpt=10 data=1 quit=1 commands=17



and a few seconds later STARTTLS succeeds, and that IP successfully
sends mail from user hr@ to 10 recipients.

Are there many users on that same IP via a NAT?



  -- Noel Jones

Re: 4.7.0 too many connections from Tbird client

Voytek
On Wed, January 24, 2018 9:34 am, Noel Jones wrote:

> You should grep for "reject:", not error:

Noel, thanks again,

(log since Jan 21)

# grep '110.170.19.146' /var/log/maillog | grep "lost connection"

Jan 22 14:37:02 geko postfix/smtpd[4701]: lost connection after DATA
(257981 bytes) from 110-170-19-146.static.asianet.co.th[110.170.19.146]
Jan 22 17:05:06 geko postfix/smtpd[13350]: lost connection after DATA
(1146873 bytes) from 110-170-19-146.static.asianet.co.th[110.170.19.146]
Jan 22 18:28:44 geko postfix/smtpd[18212]: lost connection after DATA (0
bytes) from 110-170-19-146.static.asianet.co.th[110.170.19.146]
Jan 23 20:12:45 geko postfix/smtpd[15596]: SSL_accept error from
110-170-19-146.static.asianet.co.th[110.170.19.146]: lost connection
Jan 23 20:12:45 geko postfix/smtpd[15596]: lost connection after STARTTLS
from 110-170-19-146.static.asianet.co.th[110.170.19.146]
Jan 24 13:12:47 geko postfix/smtpd[5216]: SSL_accept error from
110-170-19-146.static.asianet.co.th[110.170.19.146]: lost connection
Jan 24 13:12:47 geko postfix/smtpd[5216]: lost connection after STARTTLS
from 110-170-19-146.static.asianet.co.th[110.170.19.146]


> and a few seconds later STARTTLS succeeds, and that IP successfully sends
> mail from user hr@ to 10 recipients.
>
> Are there many users on that same IP via a NAT?

around ~50. they're quite 'remote', server is in Sydney, they're in .th ,
I'm not sure what sort of connectivity the LAN there has

pflogsumm since Jan 21
Host/Domain Summary: Message Delivery
--------------------------------------
 sent cnt  bytes   defers   avg dly max dly host/domain
 -------- -------  -------  ------- ------- -----------
   3842     1649m       0    11.0 s   28.4 m  tld.com.au





Re: 4.7.0 too many connections from Tbird client

Voytek
In reply to this post by Noel Jones-2
On Wed, January 24, 2018 9:34 am, Noel Jones wrote:

> and a few seconds later STARTTLS succeeds, and that IP successfully sends
> mail from user hr@ to 10 recipients.
>
> Are there many users on that same IP via a NAT?

Noel,

just noticed I do NOT have that IP entered in 'mynetworks =', it used to
be, somehow, it's missing, just adding it back

is that my problem, or, part of my problem, or ?


Jan 24 20:22:13 geko postfix/smtpd[4706]: warning: Connection rate limit
exceeded: 21 from 110-170-19-146.static.asianet.co.th[110.170.19.146] for
service submission
Jan 24 20:26:01 geko postfix/smtpd[6816]: warning: Connection rate limit
exceeded: 22 from 110-170-19-146.static.asianet.co.th[110.170.19.146] for
service submission
Jan 24 20:26:45 geko postfix/smtpd[6816]: warning: Connection rate limit
exceeded: 23 from 110-170-19-146.static.asianet.co.th[110.170.19.146] for
service submission



Re: 4.7.0 too many connections from Tbird client

Matus UHLAR - fantomas
>On Wed, January 24, 2018 9:34 am, Noel Jones wrote:
>> and a few seconds later STARTTLS succeeds, and that IP successfully sends
>> mail from user hr@ to 10 recipients.
>>
>> Are there many users on that same IP via a NAT?

On 24.01.18 22:50, Voytek wrote:
>just noticed I do NOT have that IP entered in 'mynetworks =', it used to
>be, somehow, it's missing, just adding it back

you usually should not need nor do that.

>is that my problem, or, part of my problem, or ?
>
>
>Jan 24 20:22:13 geko postfix/smtpd[4706]: warning: Connection rate limit
>exceeded: 21 from 110-170-19-146.static.asianet.co.th[110.170.19.146] for
>service submission

submission service usually does not use mynetworks.

try adding that IP to smtpd_client_event_limit_exceptions (if you trust that
IP) or increase smtpd_client_connection_rate_limit

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"One World. One Web. One Program." - Microsoft promotional advertisement
"Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler

Re: 4.7.0 too many connections from Tbird client

Noel Jones-2
In reply to this post by Voytek
On 1/24/2018 5:50 AM, Voytek wrote:

> On Wed, January 24, 2018 9:34 am, Noel Jones wrote:
>
>> and a few seconds later STARTTLS succeeds, and that IP successfully sends
>> mail from user hr@ to 10 recipients.
>>
>> Are there many users on that same IP via a NAT?
>
> Noel,
>
> just noticed I do NOT have that IP entered in 'mynetworks =', it used to
> be, somehow, it's missing, just adding it back
>
> is that my problem, or, part of my problem, or ?
>
>
> Jan 24 20:22:13 geko postfix/smtpd[4706]: warning: Connection rate limit
> exceeded: 21 from 110-170-19-146.static.asianet.co.th[110.170.19.146] for
> service submission
> Jan 24 20:26:01 geko postfix/smtpd[6816]: warning: Connection rate limit
> exceeded: 22 from 110-170-19-146.static.asianet.co.th[110.170.19.146] for
> service submission
> Jan 24 20:26:45 geko postfix/smtpd[6816]: warning: Connection rate limit
> exceeded: 23 from 110-170-19-146.static.asianet.co.th[110.170.19.146] for
> service submission
>
>


Instead of adding them to mynetworks, add that IP (and any other
remote offices) to smtpd_client_event_limit_exceptions.



  -- Noel Jones
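
Added example, not part of the original posts: the warnings quoted in this thread read "Connection rate limit exceeded", which contains none of the strings 'too many', 'error' or 'reject:' that were searched for. The script below counts those warnings, and the postscreen rejects quoted in the first post, per client IP. The function names, the constructed sample log lines (documentation addresses) and the matching of the "concurrency" variant of the warning are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): count Postfix limit events per client.
# Sample log lines are constructed; addresses are documentation ranges.
sample_log() {
cat <<'EOF'
Jan 24 20:22:13 mx postfix/smtpd[4706]: warning: Connection rate limit exceeded: 21 from office.example.net[203.0.113.10] for service submission
Jan 24 20:26:01 mx postfix/smtpd[6816]: warning: Connection rate limit exceeded: 22 from office.example.net[203.0.113.10] for service submission
Jan 24 20:26:45 mx postfix/smtpd[6816]: warning: Connection rate limit exceeded: 23 from office.example.net[203.0.113.10] for service submission
Jan 24 20:27:02 mx postfix/smtpd[6816]: SSL_accept error from office.example.net[203.0.113.10]: lost connection
Jan 24 06:42:00 mx postfix/postscreen[3426]: NOQUEUE: reject: CONNECT from [198.51.100.7]:65329: too many connections
EOF
}

# Reads maillog text on stdin.
# Prints one line per client: "<ip> <service> <kind> <events> <peak>".
summarise_limits() {
  awk '
    # smtpd warning written when a per-client limit is hit
    /warning: Connection (rate|concurrency) limit exceeded: / {
      kind = ($0 ~ /Connection rate limit/) ? "rate" : "concurrency"
      rest = $0
      sub(/.*limit exceeded: /, "", rest)   # "21 from host[ip] for service x"
      n = rest + 0                          # counter reported in the warning
      svc = rest; sub(/.* for service /, "", svc)
      ip = rest;  sub(/\] for service .*/, "", ip); sub(/.*\[/, "", ip)
      key = ip " " svc " " kind
      events[key]++
      if (n > peak[key]) peak[key] = n
      next
    }
    # postscreen reject, which carries no counter (peak is printed as 0)
    /postscreen\[[0-9]+\]: NOQUEUE: reject: CONNECT from \[.*too many connections/ {
      ip = $0; sub(/.*CONNECT from \[/, "", ip); sub(/\].*/, "", ip)
      events[ip " postscreen reject"]++
      next
    }
    END { for (k in events) print k, events[k], peak[k] + 0 }
  ' | LC_ALL=C sort
}

sample_log | summarise_limits
```

On a live server, feed it the real log, for example `summarise_limits < /var/log/maillog`; the addresses it lists are the candidates to review for smtpd_client_event_limit_exceptions.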

Re: 4.7.0 too many connections from Tbird client

Voytek
On Thu, January 25, 2018 2:58 am, Noel Jones wrote:

> Instead of adding them to mynetworks, add that IP (and any other
> remote offices) to smtpd_client_event_limit_exceptions.

On Wed, January 24, 2018 10:59 pm, Matus UHLAR - fantomas wrote:

> submission service usually does not use mynetworks.
>
> try adding that IP to smtpd_client_event_limit_exceptions (if you trust
> that IP) or increase smtpd_client_connection_rate_limit


Noel, Matus, thanks

in the past, I've usually entered remote office IPs into mynetworks

is putting remote office IPs into mynetworks, is that something that was
done in the past, with sending on port 25, but not anymore with using
submission ?

I currently have old_mail_server, new_mail_server

should mynetworks include other mail server IPs and 127.0.0.1;
but, all remote offices go into smtpd_client_connection_rate_limit ?


thanks again, V



Re: 4.7.0 too many connections from Tbird client

Matus UHLAR - fantomas
On 25.01.18 12:43, Voytek wrote:

>in the past, I've usually entered remote office IPs into mynetworks
>
>is putting remote office IPs into mynetworks, is that something that was
>done in the past, with sending on port 25, but not anymore with using
>submission ?
>
>I currently have old_mail_server, new_mail_server
>
>should mynetworks include other mail server IPs and 127.0.0.1;
>but, all remote offices go into smtpd_client_connection_rate_limit ?

it depends. mynetworks is just a setting that is used in some other rules,
usually to avoid client restrictions like rate limiting, relay control etc.

smtpd_client_event_limit_exceptions defaults to $mynetworks.

if you need any more bonuses to your offices like avoiding the need of SMTP
authentication, add them to mynetworks. Otherwise, just use
smtpd_client_event_limit_exceptions
--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Saving Private Ryan...
Private Ryan exists. Overwrite? (Y/N)