Greetings, On Fri, 12 Apr 2024 09:01:32 +0200, gil...@poolp.org wrote: > > This looks like clients hogging connections and not releasing them, or a leak > within a filter. > > - what do you see with the `fstat` command when the issue happens ? > - do you see unusual trafic in your logs and/or `netstat` ? > - any local script gone wrong in you `ps` output ? > - and more importantly what's your configuration file like ? >
Unfortently I've restarted both mail server, and I can't answer to your questions other than provide a config. I've double checked it right now, and for 9 hours it hasn't got any unusual issue. Anyway, I've noticed an issue in hours, like 20. > Give more details please I'll try to give everything that I can. If you need more, feel free to ask. 1. smtpd.conf I've removed srs keys, comments and short the list of used DNSBL: pki mx.catap.net cert "/etc/ssl/mx.catap.net.crt" pki mx.catap.net key "/etc/ssl/private/mx.catap.net.key" table aliases file:/etc/mail/aliases table domains file:/etc/mail/domains table credentials passwd:/etc/mail/credentials queue ttl 7d bounce warn-interval 1h, 1d, 3d, 6d admd mx.catap.net smtp max-message-size 100M listen on socket action "local_mail" mbox alias <aliases> match from local for local action "local_mail" filter admdscrub proc-exec "filter-admdscrub -s" filter "auth" proc-exec "filter-auth" filter dnsbl proc-exec "filter-dnsbl -m \ all.s5h.net \ -w list.dnswl.org \ zen.spamhaus.org \ bl.local \ -w wl.local " listen on egress inet4 port smtp tls pki mx.catap.net \ filter { admdscrub, "auth", dnsbl } action deliver_lmtp lmtp "/var/dovecot/lmtp" rcpt-to virtual <aliases> match from any for domain <domains> action deliver_lmtp filter dkimsign_rsa proc-exec "filter-dkimsign -a rsa-sha1 -D /etc/mail/domains \ -s 20240125_rsa -k /etc/mail/dkim/20240125.rsa.key" user _dkimsign group _dkimsign filter dkimsign_ed25519 proc-exec "filter-dkimsign -a ed25519-sha256 -D /etc/mail/domains \ -s 20240125_ed25519 -k /etc/mail/dkim/20240125.ed25519.key" user _dkimsign group _dkimsign filter dkimsign chain { dkimsign_rsa } listen on egress port smtps \ smtps pki mx.catap.net auth <credentials> mask-src filter dkimsign listen on egress port submission \ tls-require pki mx.catap.net auth <credentials> mask-src filter dkimsign action "outbound" relay srs match from any auth for any action "outbound" 2. filters Almost all used filters is the fork with minimal changes, I plan to backport it as soon as it stable enough. Anyway, the code available here: - https://github.com/catap/opensmtpd-filter-dkimsign - https://github.com/catap/opensmtpd-filter-dnsbl - https://github.com/catap/opensmtpd-filter-admdscrub Plus I use a filter which implemets SPF and DKMI verify in one call which is a good candidate to be be a source of leaking because before this error message, it was warn of missed SPF domain from it. So, the source is here https://github.com/catap/opensmtpd-filter-auth 3. Output of fstat | grep smtpd: _smtpd filter-dnsbl 72770 text / 50153232 -rwxr-xr-x r 13864 _smtpd filter-dnsbl 72770 wd / 2 drwxr-xr-x r 512 _smtpd filter-dnsbl 72770 0* unix stream 0x0 _smtpd filter-dnsbl 72770 1* unix stream 0x0 _smtpd filter-dnsbl 72770 2* unix stream 0x0 _smtpd filter-dnsbl 72770 3 kqueue 0x0 0 state: W _smtpd filter-auth 57529 text / 50161556 -rwxr-xr-x r 91888 _smtpd filter-auth 57529 wd / 2 drwxr-xr-x r 512 _smtpd filter-auth 57529 0* unix stream 0x0 _smtpd filter-auth 57529 1* unix stream 0x0 _smtpd filter-auth 57529 2* unix stream 0x0 _smtpd filter-auth 57529 3 kqueue 0x0 0 state: W _smtpd filter-admdscrub 67397 text / 50153229 -rwxr-xr-x r 25688 _smtpd filter-admdscrub 67397 wd / 2 drwxr-xr-x r 512 _smtpd filter-admdscrub 67397 0* unix stream 0x0 _smtpd filter-admdscrub 67397 1* unix stream 0x0 _smtpd filter-admdscrub 67397 2* unix stream 0x0 _smtpd filter-admdscrub 67397 3 kqueue 0x0 0 state: W _smtpd table-passwd 44437 text / 50153223 -rwxr-xr-x r 45000 _smtpd table-passwd 44437 wd / 2 drwxr-xr-x r 512 _smtpd table-passwd 44437 0* unix stream 0x0 _smtpd table-passwd 44437 1 / 3875217 crw-rw-rw- rw null _smtpd table-passwd 44437 2 / 3875217 crw-rw-rw- rw null _smtpd smtpd 16336 text / 50051231 -r-xr-xr-x r 532008 _smtpd smtpd 16336 wd / 2 drwxr-xr-x r 512 _smtpd smtpd 16336 0* unix stream 0x0 _smtpd smtpd 16336 1* unix stream 0x0 _smtpd smtpd 16336 2* unix stream 0x0 _dkimsig smtpd 94392 text / 50051231 -r-xr-xr-x r 532008 _dkimsig smtpd 94392 wd / 2 drwxr-xr-x r 512 _dkimsig smtpd 94392 0* unix stream 0x0 _dkimsig smtpd 94392 1* unix stream 0x0 _dkimsig smtpd 94392 2* unix stream 0x0 _dkimsig smtpd 34446 text / 50051231 -r-xr-xr-x r 532008 _dkimsig smtpd 34446 wd / 2 drwxr-xr-x r 512 _dkimsig smtpd 34446 0* unix stream 0x0 _dkimsig smtpd 34446 1* unix stream 0x0 _dkimsig smtpd 34446 2* unix stream 0x0 _smtpd smtpd 20966 text / 50051231 -r-xr-xr-x r 532008 _smtpd smtpd 20966 wd / 2 drwxr-xr-x r 512 _smtpd smtpd 20966 0* unix stream 0x0 _smtpd smtpd 20966 1* unix stream 0x0 _smtpd smtpd 20966 2* unix stream 0x0 _smtpd smtpd 83350 text / 50051231 -r-xr-xr-x r 532008 _smtpd smtpd 83350 wd / 2 drwxr-xr-x r 512 _smtpd smtpd 83350 0* unix stream 0x0 _smtpd smtpd 83350 1* unix stream 0x0 _smtpd smtpd 83350 2* unix stream 0x0 _smtpd smtpd 13249 text / 50051231 -r-xr-xr-x r 532008 _smtpd smtpd 13249 wd / 53608468 drwxr-xr-x r 512 _smtpd smtpd 13249 root / 53608468 drwxr-xr-x r 512 _smtpd smtpd 13249 0 / 3875217 crw-rw-rw- rw null _smtpd smtpd 13249 1 / 3875217 crw-rw-rw- rw null _smtpd smtpd 13249 2 / 3875217 crw-rw-rw- rw null _smtpd smtpd 13249 3* unix stream 0x0 _smtpd smtpd 13249 4* unix stream 0x0 _smtpd smtpd 13249 5* unix stream 0x0 _smtpd smtpd 13249 6 kqueue 0x0 0 state: W _smtpq smtpd 47452 text / 50051231 -r-xr-xr-x r 532008 _smtpq smtpd 47452 wd / 53608491 drwx--x--x r 512 _smtpq smtpd 47452 root / 53608491 drwx--x--x r 512 _smtpq smtpd 47452 0 / 3875217 crw-rw-rw- rw null _smtpq smtpd 47452 1 / 3875217 crw-rw-rw- rw null _smtpq smtpd 47452 2 / 3875217 crw-rw-rw- rw null _smtpq smtpd 47452 3* unix stream 0x0 _smtpq smtpd 47452 4* unix stream 0x0 _smtpq smtpd 47452 5* unix stream 0x0 _smtpq smtpd 47452 6* unix stream 0x0 _smtpq smtpd 47452 7* unix stream 0x0 _smtpq smtpd 47452 8 kqueue 0x0 0 state: W _smtpd smtpd 1577 text / 50051231 -r-xr-xr-x r 532008 _smtpd smtpd 1577 wd / 53608468 drwxr-xr-x r 512 _smtpd smtpd 1577 root / 53608468 drwxr-xr-x r 512 _smtpd smtpd 1577 0 / 3875217 crw-rw-rw- rw null _smtpd smtpd 1577 1 / 3875217 crw-rw-rw- rw null _smtpd smtpd 1577 2 / 3875217 crw-rw-rw- rw null _smtpd smtpd 1577 3* unix stream 0x0 _smtpd smtpd 1577 4* unix stream 0x0 _smtpd smtpd 1577 5* unix stream 0x0 _smtpd smtpd 1577 6* unix stream 0x0 _smtpd smtpd 1577 7* unix stream 0x0 _smtpd smtpd 1577 8* internet stream tcp 0x0 162.55.82.72:25 _smtpd smtpd 1577 9* internet stream tcp 0x0 162.55.82.72:465 _smtpd smtpd 1577 10* internet stream tcp 0x0 162.55.82.72:587 _smtpd smtpd 1577 11 kqueue 0x0 0 state: W _smtpd smtpd 1577 12* internet stream tcp 0x0 *:0 _smtpd smtpd 1577 14* internet stream tcp 0x0 162.55.82.72:25 <-- 196.47.128.166:5180 _smtpd smtpd 1577 15* internet stream tcp 0x0 162.55.82.72:465 <-- 194.169.175.17:33440 _smtpd smtpd 1577 16* internet stream tcp 0x0 162.55.82.72:465 <-- 194.169.175.17:40772 _smtpd smtpd 32872 text / 50051231 -r-xr-xr-x r 532008 _smtpd smtpd 32872 wd / 2 drwxr-xr-x r 512 _smtpd smtpd 32872 0 / 3875217 crw-rw-rw- rw null _smtpd smtpd 32872 1 / 3875217 crw-rw-rw- rw null _smtpd smtpd 32872 2 / 3875217 crw-rw-rw- rw null _smtpd smtpd 32872 3* unix stream 0x0 _smtpd smtpd 32872 4* unix stream 0x0 _smtpd smtpd 32872 5* unix stream 0x0 _smtpd smtpd 32872 6* unix stream 0x0 _smtpd smtpd 32872 7 kqueue 0x0 0 state: W _smtpd smtpd 32872 8* unix stream 0x0 _smtpd smtpd 32872 9* unix stream 0x0 _smtpd smtpd 32872 10* unix stream 0x0 _smtpd smtpd 32872 11* unix stream 0x0 _smtpd smtpd 32872 12* unix stream 0x0 _smtpd smtpd 32872 13* unix stream 0x0 _smtpd smtpd 32872 14* unix stream 0x0 _smtpd smtpd 32872 15* unix stream 0x0 _smtpd smtpd 32872 16* unix stream 0x0 _smtpd smtpd 32872 17* unix stream 0x0 _smtpd smtpd 32872 18* unix stream 0x0 _smtpd smtpd 69134 text / 50051231 -r-xr-xr-x r 532008 _smtpd smtpd 69134 wd / 53608468 drwxr-xr-x r 512 _smtpd smtpd 69134 root / 53608468 drwxr-xr-x r 512 _smtpd smtpd 69134 0 / 3875217 crw-rw-rw- rw null _smtpd smtpd 69134 1 / 3875217 crw-rw-rw- rw null _smtpd smtpd 69134 2 / 3875217 crw-rw-rw- rw null _smtpd smtpd 69134 3* unix stream 0x0 _smtpd smtpd 69134 4* unix stream 0x0 _smtpd smtpd 69134 5* unix stream 0x0 _smtpd smtpd 69134 6* unix stream 0x0 _smtpd smtpd 69134 7* unix stream 0x0 _smtpd smtpd 69134 8* unix stream 0x0 _smtpd smtpd 69134 9* unix stream 0x0 /var/run/smtpd.sock _smtpd smtpd 69134 10 kqueue 0x0 0 state: W _smtpd smtpd 69134 11* unix stream 0x0 /var/run/smtpd.sock _smtpd smtpd 5802 text / 50051231 -r-xr-xr-x r 532008 _smtpd smtpd 5802 wd / 53608468 drwxr-xr-x r 512 _smtpd smtpd 5802 root / 53608468 drwxr-xr-x r 512 _smtpd smtpd 5802 0 / 3875217 crw-rw-rw- rw null _smtpd smtpd 5802 1 / 3875217 crw-rw-rw- rw null _smtpd smtpd 5802 2 / 3875217 crw-rw-rw- rw null _smtpd smtpd 5802 3* unix stream 0x0 _smtpd smtpd 5802 4* unix stream 0x0 _smtpd smtpd 5802 5* unix stream 0x0 _smtpd smtpd 5802 6 kqueue 0x0 0 state: W root smtpd 33685 text / 50051231 -r-xr-xr-x r 532008 root smtpd 33685 wd / 2 drwxr-xr-x r 512 root smtpd 33685 0 / 3875217 crw-rw-rw- rw null root smtpd 33685 1 / 3875217 crw-rw-rw- rw null root smtpd 33685 2 / 3875217 crw-rw-rw- rw null root smtpd 33685 3 kqueue 0x0 0 state: W root smtpd 33685 4* unix stream 0x0 root smtpd 33685 5* unix stream 0x0 root smtpd 33685 6* unix stream 0x0 root smtpd 33685 7* unix stream 0x0 root smtpd 33685 8* unix stream 0x0 root smtpd 33685 9* unix stream 0x0 3. additional things Machine runs a dovecot and local DNSBL which is contains a zone which is created by scripts from here https://github.com/catap/harvest-white-black-DNSBL This scripts runs few times per hour. Thus, this is quite small setup which contains two servers for dozen of users and about 1k-2k emails per day. So, here the output zgrep smtpd /var/log/maillog.0.gz | tail -n 50 mx1: Apr 10 23:31:57 mx1 smtpd[84358]: 6ccf08015a391f74 smtp authentication user=kir...@korins.ky result=permfail Apr 10 23:31:58 mx1 smtpd[84358]: 6ccf08015a391f74 smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed" Apr 10 23:31:58 mx1 smtpd[84358]: 6ccf08015a391f74 smtp disconnected reason=disconnect Apr 10 23:31:59 mx1 smtpd[84358]: 6ccf0800b58ca58c smtp disconnected reason=disconnect Apr 10 23:32:01 mx1 smtpd[84358]: 6ccf08020453d470 smtp connected address=94.204.65.31 host=<unknown> Apr 10 23:32:02 mx1 smtpd[84358]: 6ccf08020453d470 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 Apr 10 23:32:07 mx1 smtpd[84358]: 6ccf08020453d470 smtp authentication user=kirill result=permfail Apr 10 23:32:08 mx1 smtpd[84358]: 6ccf08020453d470 smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed" Apr 10 23:32:09 mx1 smtpd[84358]: 6ccf08030d5e5785 smtp connected address=157.90.134.25 host=www1.wmdd.de Apr 10 23:32:09 mx1 smtpd[84358]: 6ccf08020453d470 smtp disconnected reason=disconnect Apr 10 23:32:10 mx1 smtpd[84358]: 6ccf08030d5e5785 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 Apr 10 23:32:10 mx1 smtpd[69523]: auth: 6ccf08030d5e5785 spf_record_new: Apr 10 23:32:23 mx1 smtpd[84358]: 6ccf080432179b7a smtp connected address=194.169.175.10 host=<unknown> Apr 10 23:32:35 mx1 smtpd[84358]: 6ccf080432179b7a smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 Apr 10 23:33:04 mx1 smtpd[84358]: 6ccf080432179b7a smtp authentication user=shipp...@catap.net result=permfail Apr 10 23:33:05 mx1 smtpd[84358]: 6ccf080432179b7a smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed" Apr 10 23:33:09 mx1 smtpd[84358]: 6ccf080432179b7a smtp disconnected reason=disconnect Apr 10 23:33:29 mx1 smtpd[84358]: 6ccf0805d4222851 smtp connected address=194.169.175.10 host=<unknown> Apr 10 23:33:43 mx1 smtpd[84358]: 6ccf0805d4222851 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 Apr 10 23:34:17 mx1 smtpd[84358]: 6ccf0805d4222851 smtp authentication user=t...@catap.net result=permfail Apr 10 23:34:17 mx1 smtpd[84358]: 6ccf0805d4222851 smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed" Apr 10 23:34:23 mx1 smtpd[84358]: 6ccf0805d4222851 smtp disconnected reason=disconnect Apr 10 23:34:34 mx1 smtpd[84358]: 6ccf0806a1883889 smtp connected address=194.169.175.10 host=<unknown> Apr 10 23:34:50 mx1 smtpd[84358]: 6ccf0806a1883889 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 Apr 10 23:34:51 mx1 smtpd[84358]: warn: Disabling incoming SMTP connections: Client limit reached Apr 10 23:35:21 mx1 smtpd[84358]: 6ccf0806a1883889 smtp authentication user=te...@catap.net result=permfail Apr 10 23:35:21 mx1 smtpd[84358]: 6ccf0806a1883889 smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed" Apr 10 23:35:26 mx1 smtpd[84358]: 6ccf0806a1883889 smtp disconnected reason=disconnect Apr 10 23:35:26 mx1 smtpd[84358]: warn: smtp: fd exhaustion over, re-enabling incoming connections Apr 10 23:35:26 mx1 smtpd[84358]: warn: Disabling incoming SMTP connections: Client limit reached Apr 10 23:35:26 mx1 smtpd[84358]: 6ccf0807ee9b507b smtp connected address=91.235.247.80 host=<unknown> Apr 10 23:35:26 mx1 smtpd[84358]: 6ccf0807ee9b507b smtp disconnected reason=disconnect Apr 10 23:35:26 mx1 smtpd[84358]: warn: smtp: fd exhaustion over, re-enabling incoming connections Apr 10 23:35:28 mx1 smtpd[84358]: 6ccf0808881acbea smtp connected address=221.155.66.205 host=<unknown> Apr 10 23:35:28 mx1 smtpd[84358]: 6ccf0808881acbea smtp disconnected reason=disconnect Apr 10 23:35:39 mx1 smtpd[84358]: 6ccf08091d72be29 smtp connected address=194.169.175.10 host=<unknown> Apr 10 23:35:53 mx1 smtpd[84358]: 6ccf08091d72be29 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 Apr 10 23:36:20 mx1 smtpd[84358]: 6ccf08091d72be29 smtp authentication user=testm...@catap.net result=permfail Apr 10 23:36:20 mx1 smtpd[84358]: 6ccf08091d72be29 smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed" Apr 10 23:36:28 mx1 smtpd[84358]: 6ccf08091d72be29 smtp disconnected reason=disconnect Apr 10 23:36:44 mx1 smtpd[84358]: 6ccf080a4596f230 smtp connected address=194.169.175.10 host=<unknown> Apr 10 23:36:53 mx1 smtpd[84358]: 6ccf080a4596f230 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 Apr 10 23:37:10 mx1 smtpd[84358]: warn: Disabling incoming SMTP connections: Client limit reached Apr 10 23:37:21 mx1 smtpd[84358]: 6ccf080a4596f230 smtp authentication user=testu...@catap.net result=permfail Apr 10 23:37:22 mx1 smtpd[84358]: 6ccf080a4596f230 smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed" Apr 10 23:37:25 mx1 smtpd[84358]: 6ccf080a4596f230 smtp disconnected reason=disconnect Apr 10 23:37:25 mx1 smtpd[84358]: warn: smtp: fd exhaustion over, re-enabling incoming connections Apr 10 23:37:25 mx1 smtpd[84358]: 6ccf080baa2709a1 smtp connected address=157.90.134.25 host=www1.wmdd.de Apr 10 23:37:25 mx1 smtpd[69523]: auth: 6ccf080baa2709a1 spf_record_new: Apr 10 23:37:43 mx1 smtpd[84358]: warn: Disabling incoming SMTP connections: Client limit reached mx2: Apr 11 05:05:19 mx2 smtpd[35705]: 3f9f81f4ed6ea8ec smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed" Apr 11 05:05:26 mx2 smtpd[35705]: 3f9f81f4ed6ea8ec smtp disconnected reason=disconnect Apr 11 05:05:40 mx2 smtpd[35705]: 3f9f81f6fd08763a smtp connected address=194.169.175.10 host=<unknown> Apr 11 05:05:51 mx2 smtpd[35705]: 3f9f81f6fd08763a smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 Apr 11 05:06:17 mx2 smtpd[35705]: 3f9f81f6fd08763a smtp authentication user=servi...@catap.net result=permfail Apr 11 05:06:18 mx2 smtpd[35705]: 3f9f81f6fd08763a smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed" Apr 11 05:06:25 mx2 smtpd[35705]: 3f9f81f6fd08763a smtp disconnected reason=disconnect Apr 11 05:06:45 mx2 smtpd[35705]: 3f9f81f7cba65bbf smtp connected address=194.169.175.10 host=<unknown> Apr 11 05:07:00 mx2 smtpd[35705]: 3f9f81f7cba65bbf smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 Apr 11 05:07:11 mx2 smtpd[35705]: 3f9f81f85ded5ca9 smtp connected address=157.90.134.25 host=www1.wmdd.de Apr 11 05:07:13 mx2 smtpd[35705]: 3f9f81f85ded5ca9 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 Apr 11 05:07:13 mx2 smtpd[12461]: auth: 3f9f81f85ded5ca9 spf_record_new: Apr 11 05:07:31 mx2 smtpd[35705]: 3f9f81f7cba65bbf smtp authentication user=servic...@catap.net result=permfail Apr 11 05:07:31 mx2 smtpd[35705]: 3f9f81f7cba65bbf smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed" Apr 11 05:07:38 mx2 smtpd[35705]: 3f9f81f7cba65bbf smtp disconnected reason=disconnect Apr 11 05:07:40 mx2 smtpd[35705]: 3f9f81f95ac50e10 smtp connected address=157.90.134.25 host=www1.wmdd.de Apr 11 05:07:41 mx2 smtpd[35705]: 3f9f81f95ac50e10 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 Apr 11 05:07:41 mx2 smtpd[12461]: auth: 3f9f81f95ac50e10 spf_record_new: Apr 11 05:07:50 mx2 smtpd[35705]: 3f9f81fa5aaf4c8e smtp connected address=194.169.175.10 host=<unknown> Apr 11 05:07:59 mx2 smtpd[35705]: 3f9f81fa5aaf4c8e smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 Apr 11 05:08:28 mx2 smtpd[35705]: 3f9f81fa5aaf4c8e smtp authentication user=servi...@catap.net result=permfail Apr 11 05:08:28 mx2 smtpd[35705]: 3f9f81fa5aaf4c8e smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed" Apr 11 05:08:31 mx2 smtpd[35705]: 3f9f81fa5aaf4c8e smtp disconnected reason=disconnect Apr 11 05:08:55 mx2 smtpd[35705]: 3f9f81fb0208084c smtp connected address=194.169.175.10 host=<unknown> Apr 11 05:09:05 mx2 smtpd[35705]: 3f9f81fb0208084c smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 Apr 11 05:09:30 mx2 smtpd[35705]: 3f9f81fb0208084c smtp authentication user=s...@catap.net result=permfail Apr 11 05:09:30 mx2 smtpd[35705]: 3f9f81fb0208084c smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed" Apr 11 05:09:33 mx2 smtpd[35705]: 3f9f81fb0208084c smtp disconnected reason=disconnect Apr 11 05:09:59 mx2 smtpd[35705]: 3f9f81fcbcf0f32e smtp connected address=194.169.175.10 host=<unknown> Apr 11 05:10:11 mx2 smtpd[35705]: 3f9f81fcbcf0f32e smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 Apr 11 05:10:36 mx2 smtpd[35705]: 3f9f81fcbcf0f32e smtp authentication user=shopp...@catap.net result=permfail Apr 11 05:10:37 mx2 smtpd[35705]: 3f9f81fcbcf0f32e smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed" Apr 11 05:10:40 mx2 smtpd[35705]: 3f9f81fcbcf0f32e smtp disconnected reason=disconnect Apr 11 05:11:04 mx2 smtpd[35705]: 3f9f81fd682e0785 smtp connected address=194.169.175.10 host=<unknown> Apr 11 05:11:15 mx2 smtpd[35705]: 3f9f81fd682e0785 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 Apr 11 05:11:40 mx2 smtpd[35705]: 3f9f81fd682e0785 smtp authentication user=soc...@catap.net result=permfail Apr 11 05:11:40 mx2 smtpd[35705]: 3f9f81fd682e0785 smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed" Apr 11 05:11:47 mx2 smtpd[35705]: 3f9f81fd682e0785 smtp disconnected reason=disconnect Apr 11 05:12:09 mx2 smtpd[35705]: 3f9f81fe5e363ed5 smtp connected address=194.169.175.10 host=<unknown> Apr 11 05:12:13 mx2 smtpd[35705]: 3f9f81ff7c133003 smtp connected address=157.90.134.25 host=www1.wmdd.de Apr 11 05:12:14 mx2 smtpd[12461]: auth: 3f9f81ff7c133003 spf_record_new: Apr 11 05:12:23 mx2 smtpd[35705]: 3f9f81fe5e363ed5 smtp tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 Apr 11 05:12:41 mx2 smtpd[35705]: warn: Disabling incoming SMTP connections: Client limit reached Apr 11 05:12:57 mx2 smtpd[35705]: 3f9f81fe5e363ed5 smtp authentication user=sopo...@catap.net result=permfail Apr 11 05:12:58 mx2 smtpd[35705]: 3f9f81fe5e363ed5 smtp failed-command command="AUTH LOGIN (password)" result="535 Authentication failed" Apr 11 05:13:03 mx2 smtpd[35705]: 3f9f81fe5e363ed5 smtp disconnected reason=disconnect Apr 11 05:13:03 mx2 smtpd[35705]: warn: smtp: fd exhaustion over, re-enabling incoming connections Apr 11 05:13:03 mx2 smtpd[35705]: 3f9f820021a5b7d4 smtp connected address=157.90.134.25 host=www1.wmdd.de Apr 11 05:13:03 mx2 smtpd[12461]: auth: 3f9f820021a5b7d4 spf_record_new: Apr 11 05:13:14 mx2 smtpd[35705]: warn: Disabling incoming SMTP connections: Client limit reached Interesting that both machine stuck after 157.90.134.25 tries to delivery its mail twice. Anyway, both machine has near the same uptime: mx1$ uptime 9:49AM up 42 days, 7:11, 2 users, load averages: 0.56, 1.07, 1.09 mx1$ mx2$ uptime 9:49AM up 42 days, 7:09, 1 user, load averages: 0.72, 0.64, 0.58 mx2$ and was rebooted for syspatch. As far as I recall smtpd wasn't restarted by hand until yesterday. So, I may assume that it works for about 41 days without any issue, and after some bad actor (157.90.134.25) tries to send something, it brokes the machine. Both of them. -- wbr, Kirill