blocked with too many connections port 465
hi guys
I am receiving alerts of this type
more than 2 thousand connections to port 465
====================
Subject:
lfd on s1.MyServer.com: 200.x.y.76 blocked with too many connections
====================
Body:
Time: Thu Jul 27 15:32:37 2023 -0500
IP: 200.x.y.76
Connections: 2607
Blocked: Temporary Block for 1800 seconds [CT_LIMIT]
Connections:
tcp: 200.x.y.76:26717 -> 67.x.y.58:465 (SYN_RECV)
tcp: 200.x.y.76:61086 -> 67.x.y.58:465 (SYN_RECV)
tcp: 200.x.y.76:62815 -> 67.x.y.58:465 (SYN_RECV)
tcp: 200.x.y.76:65139 -> 67.x.y.58:465 (SYN_RECV)
tcp: 200.x.y.76:63776 -> 67.x.y.58:465 (SYN_RECV)
How can you solve this excessive or abuse of connection attempts?
-
I have this configuration CT_LIMIT=50 CT_INTERVAL=30 CT_BLOCK_TIME =3600 CONNLIMIT = 465;50 0 -
I have this configuration CT_LIMIT=50 CT_INTERVAL=30 CT_BLOCK_TIME =3600 CONNLIMIT = 465;50
Faced the same issue yesterday. Received exim down again and again. I checked the connection on smtp and there was lot of ips that were connecting and all are bot types. I blocked all of these and then issue resolved.0 -
Hey there! There isn't anything you need to solve here as LFD is doing its job and blocking the connections. You may want to ensure you have CSF/LFD configured to permanently ban those IPs so they can't try to connect again. 0
Please sign in to leave a comment.
Comments
3 comments