Filtering SMTP abuse?

Post by Razva »

Hello,

Lately I'm seeing a lot of incoming SMTP traffic, which is rejected by EXIM.

Example:

Code:

2019-04-02 18:29:24 Connection from [85.117.56.68]:59957 refused: too many connections
2019-04-02 18:29:24 SMTP connection from net-2-45-190-15.cust.vodafonedsl.it [2.45.190.15]:28532 lost D=5s
2019-04-02 18:29:24 SMTP connection from [58.187.54.168]:41794 (TCP/IP connection count = 20)
2019-04-02 18:29:24 Connection from [212.58.114.238]:7242 refused: too many connections
2019-04-02 18:29:24 Connection from [93.43.177.139]:21547 refused: too many connections
2019-04-02 18:29:24 SMTP connection from [89.237.193.46]:30978 closed by QUIT
2019-04-02 18:29:24 SMTP connection from [195.158.25.219]:42732 lost D=5s
2019-04-02 18:29:24 SMTP connection from [58.187.54.168]:20416 lost D=5s
2019-04-02 18:29:24 SMTP connection from [91.233.82.191]:58645 (TCP/IP connection count = 18)
2019-04-02 18:29:25 SMTP connection from [178.122.48.204]:1038 (TCP/IP connection count = 19)
2019-04-02 18:29:25 SMTP connection from [201.240.154.90]:61310 (TCP/IP connection count = 20)
2019-04-02 18:29:25 Connection from [89.237.192.180]:11340 refused: too many connections
2019-04-02 18:29:25 Connection from [188.170.73.74]:5499 refused: too many connections
2019-04-02 18:29:25 Connection from [195.225.231.217]:14276 refused: too many connections
2019-04-02 18:29:25 Connection from [95.59.225.66]:17143 refused: too many connections
2019-04-02 18:29:25 SMTP connection from [78.7.108.194]:52370 lost D=5s
2019-04-02 18:29:25 SMTP connection from [84.53.237.1]:32376 (TCP/IP connection count = 20)
2019-04-02 18:29:25 Connection from [130.193.120.32]:55245 refused: too many connections
2019-04-02 18:29:25 Connection from [154.120.93.30]:48987 refused: too many connections
2019-04-02 18:29:25 Connection from [89.237.192.180]:14844 refused: too many connections
2019-04-02 18:29:25 Connection from [217.59.234.10]:54811 refused: too many connections
2019-04-02 18:29:25 SMTP connection from host99-109-static.41-88-b.business.telecomitalia.it [88.41.109.99]:62714 lost D=5s
2019-04-02 18:29:26 SMTP connection from [58.187.54.168]:15312 lost D=5s
2019-04-02 18:29:26 SMTP connection from [58.145.191.249]:59469 (TCP/IP connection count = 19)
2019-04-02 18:29:26 SMTP connection from [95.58.113.94]:12139 lost D=5s
2019-04-02 18:29:26 SMTP connection from [95.78.159.137]:61100 (TCP/IP connection count = 19)
2019-04-02 18:29:26 SMTP connection from [102.107.165.69]:55804 (TCP/IP connection count = 20)
2019-04-02 18:29:26 Connection from [116.193.161.106]:59503 refused: too many connections
2019-04-02 18:29:26 no host name found for IP address 102.107.165.69
2019-04-02 18:29:26 Connection from [41.94.87.2]:56450 refused: too many connections
2019-04-02 18:29:26 Connection from [178.64.15.142]:15812 refused: too many connections
2019-04-02 18:29:26 Connection from [42.113.153.155]:38796 refused: too many connections
2019-04-02 18:29:26 Connection from [185.74.102.23]:58144 refused: too many connections
2019-04-02 18:29:26 Connection from [191.89.211.49]:50738 refused: too many connections
2019-04-02 18:29:26 Connection from [178.17.206.2]:63274 refused: too many connections
2019-04-02 18:29:27 Connection from [31.47.135.206]:6191 refused: too many connections
2019-04-02 18:29:27 Connection from [89.237.192.180]:14767 refused: too many connections
2019-04-02 18:29:27 Connection from [213.108.19.155]:2349 refused: too many connections
2019-04-02 18:29:27 Connection from [94.190.86.131]:16983 refused: too many connections
2019-04-02 18:29:27 SMTP connection from [37.212.205.4]:23829 lost D=5s
2019-04-02 18:29:27 SMTP connection from [111.91.107.103]:48708 (TCP/IP connection count = 20)
2019-04-02 18:29:27 SMTP connection from [42.110.227.192]:4127 lost D=5s
2019-04-02 18:29:27 SMTP connection from [87.247.37.118]:28895 (TCP/IP connection count = 20)
2019-04-02 18:29:27 Connection from [42.110.227.192]:43645 refused: too many connections
2019-04-02 18:29:27 SMTP connection from [95.47.184.104]:30138 lost D=7s
2019-04-02 18:29:28 SMTP connection from [83.139.131.57]:40943 (TCP/IP connection count = 20)
2019-04-02 18:29:28 no host name found for IP address 83.139.131.57
2019-04-02 18:29:28 Connection from [95.78.159.137]:61142 refused: too many connections
2019-04-02 18:29:28 Connection from [83.139.131.57]:40964 refused: too many connections
2019-04-02 18:29:28 Connection from [39.40.5.115]:51608 refused: too many connections
2019-04-02 18:29:28 Connection from [212.34.38.70]:2567 refused: too many connections
2019-04-02 18:29:28 SMTP connection from [120.188.33.37]:9966 lost D=5s
2019-04-02 18:29:28 SMTP connection from [185.22.217.118]:15794 (TCP/IP connection count = 20)

I've set CONNLIMIT but it doesn't seem to have any result. The setting is as follows:

Code:

80;75 21;50 110;20 995;20 143;20 993;20 25;20 26;20 587;20 465;20

EXIM is dropping connections, because I set 20 as max connections, but I have no idea why CSF is not blocking them.

Any hints on what I'm doing wrong?

Thank you,
Razva
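
An added example, not part of the original thread: a small Python tally over Exim main-log lines in the format posted above, comparing connection attempts per source IP with the port 25 value from the CONNLIMIT string. It assumes CONNLIMIT is enforced per source IP address; the sample log is constructed with documentation-range addresses, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample in the Exim main-log format shown in the post above
# (documentation-range addresses, not the poster's data).
SAMPLE_LOG = """\
2019-04-02 18:29:24 Connection from [192.0.2.10]:59957 refused: too many connections
2019-04-02 18:29:24 SMTP connection from host.example.net [198.51.100.7]:28532 lost D=5s
2019-04-02 18:29:24 SMTP connection from [203.0.113.5]:41794 (TCP/IP connection count = 20)
2019-04-02 18:29:25 Connection from [192.0.2.10]:7242 refused: too many connections
2019-04-02 18:29:25 SMTP connection from [203.0.113.5]:20416 lost D=5s
2019-04-02 18:29:25 SMTP connection from [198.51.100.99]:58645 (TCP/IP connection count = 20)
2019-04-02 18:29:26 Connection from [192.0.2.44]:11340 refused: too many connections
2019-04-02 18:29:26 no host name found for IP address 198.51.100.99
"""

# A new inbound connection is logged either as accepted (with Exim's global
# connection count) or as refused once Exim's own global cap is reached.
ACCEPTED = re.compile(
    r"SMTP connection from (?:\S+ )?\[([0-9a-fA-F.:]+)\]:\d+ "
    r"\(TCP/IP connection count = (\d+)\)")
REFUSED = re.compile(
    r"Connection from \[([0-9a-fA-F.:]+)\]:\d+ refused: too many connections")


def parse_connlimit(value):
    """Parse a CONNLIMIT string such as '25;20 587;20' into {port: limit}."""
    return {int(p): int(n) for p, n in (item.split(";") for item in value.split())}


def summarize(log_text, per_ip_limit):
    """Tally connection attempts per source IP against a per-IP limit."""
    attempts, refused, peak_global = Counter(), 0, 0
    for line in log_text.splitlines():
        if m := ACCEPTED.search(line):
            attempts[m.group(1)] += 1
            peak_global = max(peak_global, int(m.group(2)))
        elif m := REFUSED.search(line):
            attempts[m.group(1)] += 1
            refused += 1
    return {
        "distinct_ips": len(attempts),
        "max_per_ip": max(attempts.values(), default=0),
        "refused": refused,
        "peak_global_count": peak_global,
        "ips_over_limit": sorted(ip for ip, n in attempts.items() if n > per_ip_limit),
    }


if __name__ == "__main__":
    limit = parse_connlimit("80;75 21;50 110;20 995;20 143;20 993;20 25;20 26;20 587;20 465;20")[25]
    print(summarize(SAMPLE_LOG, limit))
```

Attempts counted in a log window are an upper bound on concurrent connections, so an empty `ips_over_limit` next to a global count sitting at Exim's cap means many sources are each staying under the per-IP value.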

Re: Filtering SMTP abuse?

Post by AdminWonder »

Did you activate / configure connection tracking? If yes, this will be blocked.