This discussion has been locked.

Trouble with mail on 9.706.9 - too many connections

Since updating our SG550 to 9.706.9 we have trouble with mail. E-mails are delayed or even not delivered at all.

E-Mail senders get the following message:

Remote Server returned '554 5.4.0 < #4.0.0 X-Proxmox; delivery temporarily suspended: host x.x.x.x[x.x.x.x] refused to talk to me: 421 Too many concurrent SMTP connections; please try again later.>'

or: 421.4.4.2 connection dropped due to TimeOut

I also recognize high CPU load (100%) on exim processes.

In the SMTP log I often see tcp connection count 25, so all allowed connections are being used.

When increasing the allowed connections, whole UTM performance goes down and httpproxy will be very sloooow.

Max connection: 25 (default: 20)

Max connections / host: 15 (default: 10)

Any ideas for me?

Markus



  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    Are there any new core dumps on your firewall? Or is there a pending pattern update? Can you check that with the following command?

    • ls -larth /var/storage/cores

    Thanks, 

  • security-gateway:/home/login # ls -larth /var/storage/cores
    total 13G
    -rw-r--r-- 1 root root 18M Jun 8 2018 ctipd.bin.9456
    -rw-r--r-- 1 root root 39M Oct 2 2018 websec-reporter.29288
    -rw-r--r-- 1 root root 87M Oct 16 2018 syslog-ng.8587
    drwxr-xr-x 15 root root 4.0K Oct 16 2018 ..
    -rw-r--r-- 1 root root 12M Mar 10 2019 red_server.plc.17733
    -rw-r--r-- 1 root root 48M Mar 16 2019 afcd.afcd!259.30537
    -rw-r--r-- 1 root root 1.8G Apr 24 2019 httpproxy.EpollWorker_23.1447
    -rw-r--r-- 1 root root 2.0G Apr 29 2019 httpproxy.EpollWorker_27.10031
    -rw-r--r-- 1 root root 2.1G Jun 17 2019 httpproxy.EpollWorker_06.10040
    -rw-r--r-- 1 root root 2.3G Jul 4 2019 httpproxy.EpollWorker_20.10208
    -rw-r--r-- 1 root root 102M Sep 23 2019 sandboxd.9690
    -rw-r--r-- 1 root root 14M Oct 20 2019 aua.bin.6045
    -rw-r--r-- 1 root root 14M Oct 20 2019 aua.bin.15087
    -rw-r--r-- 1 root root 14M Oct 20 2019 aua.bin.16387
    -rw-r--r-- 1 root root 14M Oct 20 2019 aua.bin.19722
    -rw-r--r-- 1 root root 14M Oct 20 2019 aua.bin.20469
    -rw-r--r-- 1 root root 181M Jan 8 2020 snort.17291
    -rw-r--r-- 1 root root 180M Jan 8 2020 snort.17300
    -rw-r--r-- 1 root root 182M Jan 8 2020 snort.17290
    -rw-r--r-- 1 root root 172M Jan 8 2020 snort.17289
    -rw-r--r-- 1 root root 204M Jan 8 2020 snort.17299
    -rw-r--r-- 1 root root 2.2G Jan 14 2020 httpproxy.EpollWorker_12.10335
    -rw-r--r-- 1 root root 225M Feb 21 2020 confd.plx.8660
    -rw-r--r-- 1 root root 225M Feb 21 2020 confd.plx.14252
    -rw-r--r-- 1 root root 26M Mar 29 2020 ctasd.bin.25791
    -rw-r--r-- 1 root root 25M Mar 29 2020 ctasd.bin.25845
    -rw-r--r-- 1 root root 26M Mar 29 2020 ctasd.bin.27234
    -rw-r--r-- 1 root root 28M Mar 29 2020 ctasd.bin.29388
    -rw-r--r-- 1 root root 26M Mar 29 2020 ctasd.bin.29687
    -rw-r--r-- 1 root root 169M Apr 30 2020 confd.plx.12734
    -rw-r--r-- 1 root root 101M Jun 9 2020 sandboxd.10258
    -rw-r--r-- 1 root root 100M Jul 28 2020 sandboxd.10459
    -rw-r--r-- 1 root root 81M Sep 22 2020 confd.plx.3727
    -rw-r--r-- 1 root root 30M Sep 22 2020 awed.8828
    -rw-r--r-- 1 root root 30M Jan 25 05:01 awed.8973
    -rw-r--r-- 1 root root 3.6M Apr 8 11:25 httpd.19946
    -rw-r--r-- 1 root root 3.6M Apr 20 07:35 httpd.15512
    -rw-r--r-- 1 root root 3.6M Apr 22 11:23 httpd.4984
    -rw-r--r-- 1 root root 3.6M Apr 22 11:28 httpd.27271
    -rw-r--r-- 1 root root 3.6M May 13 18:17 httpd.20143
    -rw-r--r-- 1 root root 99M May 28 05:05 confd.plx.14348
    drwx------ 2 root root 4.0K May 28 05:05 .


    security-gateway:/home/login # /sbin/audld.plx --nosys --trigger
    no HA system or cluster node
    patch up2date possible
    Starting Secured Up2Date Package Downloader
    Authenticating ...
    Secured Up2date Authentication
    Authentication successful!
    Starting Up2Date Download
    No new packages available, exiting.

  • FormerMember
    0 FormerMember in reply to Markus S.

    Hi ,

    Did this issue start on May 13th or 28th? If yes, open a support case for further in-depth investigation, provide the support access id from your firewall on your support case and send me the case number via a personal message. 

    Thanks,

  • Just curious, Markus - what do you get from df -h?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    none of the mountpoints has more than 73% usage. 

    Markus

  • With all of those core dumps, I was worried that your root partition might be full enough to cause performance issues.

    Cheers - Bob

     