Hi Pete,

I had a similar incident last Thursday (17th Jan). When I looked at the smtp server log file I noticed one particular address was performing a connection every couple of seconds for hours: -

17/01/13 11:10:14 INFO smtpserver: Connection from 118.69.70.252 (118.69.70.252)
17/01/13 11:10:21 INFO smtpserver: Connection from 118.69.70.252 (118.69.70.252)
17/01/13 11:10:23 INFO smtpserver: Connection from 118.69.70.252 (118.69.70.252)
17/01/13 11:10:30 INFO smtpserver: Connection from 118.69.70.252 (118.69.70.252)
17/01/13 11:10:33 INFO smtpserver: Connection from 118.69.70.252 (118.69.70.252)
17/01/13 11:10:35 INFO smtpserver: Connection from 118.69.70.252 (118.69.70.252)
17/01/13 11:10:42 INFO smtpserver: Connection from 118.69.70.252 (118.69.70.252)
17/01/13 11:10:44 INFO smtpserver: Connection from 118.69.70.252 (118.69.70.252)

I was alerted to it because a user said they were having trouble receiving email. It turned out that this culprit was also attacking the pop server at the same time with thousands of entries like this: -

17/01/13 11:10:00 INFO pop3server: Connection for [email protected] from 118.69.70.252 (118.69.70.252) closed.
17/01/13 11:10:01 INFO pop3server: Connection from 118.69.70.252 (118.69.70.252)
17/01/13 11:10:02 INFO pop3server: Connection for [email protected] from 118.69.70.252 (118.69.70.252) closed.
17/01/13 11:10:08 INFO pop3server: Connection from 118.69.70.252 (118.69.70.252)
17/01/13 11:10:10 INFO pop3server: Connection for [email protected] from 118.69.70.252 (118.69.70.252) closed.
17/01/13 11:10:11 INFO pop3server: Connection from 118.69.70.252 (118.69.70.252)
17/01/13 11:10:12 INFO pop3server: Connection for [email protected] from 118.69.70.252 (118.69.70.252) closed.
17/01/13 11:10:13 INFO pop3server: Connection from 118.69.70.252 (118.69.70.252)
17/01/13 11:10:14 INFO pop3server: Connection for [email protected] from 118.69.70.252 (118.69.70.252) closed.
17/01/13 11:10:20 INFO pop3server: Connection from 118.69.70.252 (118.69.70.252)
17/01/13 11:10:21 INFO pop3server: Connection for [email protected] from 118.69.70.252 (118.69.70.252) closed.
17/01/13 11:10:22 INFO pop3server: Connection from 118.69.70.252 (118.69.70.252)
17/01/13 11:10:23 INFO pop3server: Connection for [email protected] from 118.69.70.252 (118.69.70.252) closed.
17/01/13 11:10:24 INFO pop3server: Connection from 118.69.70.252 (118.69.70.252)

Like you I began noticing a remotedelivery error over and over: -

17/01/13 12:35:30 INFO James.Mailet: RemoteDelivery: Could not connect to SMTP host: xxx.xxx.120.220, port: 25
17/01/13 12:35:30 INFO James.Mailet: RemoteDelivery: Temporary exception delivering mail (Mail1358418045851-7090-!310867-to-t-mobile.co.uk:
17/01/13 12:35:30 INFO James.Mailet: RemoteDelivery: Storing message Mail1358418045851-7090-!310867-to-t-mobile.co.uk into outgoing after 5 retries
17/01/13 12:35:30 INFO James.Mailet: RemoteDelivery: Attempting delivery of Mail1358423703286-7128-!505926-to-t-mobile.co.uk to host one2one.t-mobile.co.uk. at xxx.xxx.120.220 for addresses [[email protected]]

I began to be concerned that the culprits had somehow managed to coerce James into forwarding email.

As a temporary measure I blocked all packets from 118.69.70.252 for five minutes and that was enough to make it move on to someone else. After my retry period timed out (I have it set to a few hours and not the recommended 3 days because my users want to know if an email couldn't be delivered as soon as possible) all was well again.

I'm still wondering if the bot had found a weakness in my settings but this server has been up for years and I've not had many problems.

Hope that helps,
David Legg

On 22/01/13 18:20, Pete Williams wrote:

Hi

I'm a long time James user. No problem since 2010 until now.

James has started to drop this error into the mailet logs many times a second:

22/01/13 17:49:22 INFO  James.Mailet: RemoteDelivery: Attempting delivery of 
Mail1358498306551-20313-to-xxxxxxxxxx.co.uk to host xxxxxxxx.com. at 
207.126.147.10 for addresses [xxxxxxxxxxxxxxxxx.co.uk]
22/01/13 17:49:22 INFO  James.Mailet: RemoteDelivery: Exception caught in 
RemoteDelivery.run()
java.lang.OutOfMemoryError: Java heap space

The result is that James is utilising loads of server processor resource.

It seems to be this particular email. I'd like to get rid of it to see if that 
fixes the problem. How can I do that?

Version of James is 2.3.2 running on Windows. Upgrade planned for May, but 
right now I just want to fix this problem.

I have started and stopped James.


Thanks, Pete
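
Added example (not part of the original thread, and not code from the James project): a small log scan that flags a client connecting at the rate David describes, on either the smtpserver or pop3server log. The function name, the 60-second window, the threshold of 5, the 192.0.2.10 entries and the example.invalid mailbox are assumptions made for illustration; the address in parentheses is treated as the client IP.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Sample input: lines in the format quoted in the thread, plus constructed
# entries for a well-behaved client (192.0.2.10) and a constructed mailbox.
SAMPLE_LOG = """\
17/01/13 11:10:14 INFO smtpserver: Connection from 118.69.70.252 (118.69.70.252)
17/01/13 11:10:21 INFO smtpserver: Connection from 118.69.70.252 (118.69.70.252)
17/01/13 11:10:23 INFO smtpserver: Connection from 118.69.70.252 (118.69.70.252)
17/01/13 11:10:30 INFO smtpserver: Connection from 118.69.70.252 (118.69.70.252)
17/01/13 11:10:33 INFO smtpserver: Connection from 118.69.70.252 (118.69.70.252)
17/01/13 11:10:35 INFO smtpserver: Connection from 118.69.70.252 (118.69.70.252)
17/01/13 11:10:01 INFO pop3server: Connection from 118.69.70.252 (118.69.70.252)
17/01/13 11:10:02 INFO pop3server: Connection for user@example.invalid from 118.69.70.252 (118.69.70.252) closed.
17/01/13 11:10:08 INFO pop3server: Connection from 118.69.70.252 (118.69.70.252)
17/01/13 11:10:11 INFO pop3server: Connection from 118.69.70.252 (118.69.70.252)
17/01/13 11:10:13 INFO pop3server: Connection from 118.69.70.252 (118.69.70.252)
17/01/13 11:10:20 INFO pop3server: Connection from 118.69.70.252 (118.69.70.252)
17/01/13 11:09:00 INFO smtpserver: Connection from mail.example.net (192.0.2.10)
17/01/13 11:12:30 INFO smtpserver: Connection from mail.example.net (192.0.2.10)
"""

# Matches only new-connection lines; "Connection for ... closed." and
# RemoteDelivery lines are skipped.
LINE_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) INFO (\w+): "
    r"Connection from \S+ \((\d{1,3}(?:\.\d{1,3}){3})\)\s*$"
)

def noisy_clients(log_text, window_s=60, threshold=5):
    """Return {ip: {service: peak}} for every client whose connection count
    inside any sliding window of window_s seconds reaches threshold.
    Assumes lines for a given client and service are in time order."""
    recent = defaultdict(deque)   # (ip, service) -> timestamps in window
    peaks = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%d/%m/%y %H:%M:%S")
        service, ip = m.group(2), m.group(3)
        q = recent[(ip, service)]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()           # drop connections older than the window
        if len(q) >= threshold:
            peaks[ip][service] = max(peaks[ip].get(service, 0), len(q))
    return dict(peaks)

if __name__ == "__main__":
    print(noisy_clients(SAMPLE_LOG))
```

A client that shows up under both smtpserver and pop3server in the result matches the pattern described above, where the same address was hitting both services at once.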
                                        

