This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Trouble with mail on 9.706.9 - too many connections

Since Updating our SG550 to 9.706.9 we have trouble with mail. E-Mails are delayed or even not delivered at all.

E-Mail senders get the following message:

Remote Server returned '554 5.4.0 < #4.0.0 X-Proxmox; delivery temporarily suspended: host x.x.x.x[x.x.x.x] refused to talk to me: 421 Too many concurrent SMTP connections; please try again later.>'

or: 421.4.4.2 connection dropped due to TimeOut

I also recognize high cpu load (100%) on exim processes

In smtp log I often see tcp connection count 25, so all allowed connection are beeing used.

When increasing the allowed connections whole utm perfomance goes down and httpproxy will be very sloooow .

Max connection: 25 (default: 20)

Max connections / host: 15 (default: 10)

Any ideas for me?

Markus

This thread was automatically locked due to age.

Parents

0 FormerMember over 3 years ago
Hi Markus S.,

Thank you for reaching out to the Community!

Is there any new core dumps on your firewall? Or is there a pending pattern update? Can you check that with the following command?

ls -larth /var/storage/cores

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel
0 Markus S. over 3 years ago in reply to FormerMember

security-gateway:/home/login # ls -larth /var/storage/cores
total 13G
-rw-r--r-- 1 root root 18M Jun 8 2018 ctipd.bin.9456
-rw-r--r-- 1 root root 39M Oct 2 2018 websec-reporter.29288
-rw-r--r-- 1 root root 87M Oct 16 2018 syslog-ng.8587
drwxr-xr-x 15 root root 4.0K Oct 16 2018 ..
-rw-r--r-- 1 root root 12M Mar 10 2019 red_server.plc.17733
-rw-r--r-- 1 root root 48M Mar 16 2019 afcd.afcd!259.30537
-rw-r--r-- 1 root root 1.8G Apr 24 2019 httpproxy.EpollWorker_23.1447
-rw-r--r-- 1 root root 2.0G Apr 29 2019 httpproxy.EpollWorker_27.10031
-rw-r--r-- 1 root root 2.1G Jun 17 2019 httpproxy.EpollWorker_06.10040
-rw-r--r-- 1 root root 2.3G Jul 4 2019 httpproxy.EpollWorker_20.10208
-rw-r--r-- 1 root root 102M Sep 23 2019 sandboxd.9690
-rw-r--r-- 1 root root 14M Oct 20 2019 aua.bin.6045
-rw-r--r-- 1 root root 14M Oct 20 2019 aua.bin.15087
-rw-r--r-- 1 root root 14M Oct 20 2019 aua.bin.16387
-rw-r--r-- 1 root root 14M Oct 20 2019 aua.bin.19722
-rw-r--r-- 1 root root 14M Oct 20 2019 aua.bin.20469
-rw-r--r-- 1 root root 181M Jan 8 2020 snort.17291
-rw-r--r-- 1 root root 180M Jan 8 2020 snort.17300
-rw-r--r-- 1 root root 182M Jan 8 2020 snort.17290
-rw-r--r-- 1 root root 172M Jan 8 2020 snort.17289
-rw-r--r-- 1 root root 204M Jan 8 2020 snort.17299
-rw-r--r-- 1 root root 2.2G Jan 14 2020 httpproxy.EpollWorker_12.10335
-rw-r--r-- 1 root root 225M Feb 21 2020 confd.plx.8660
-rw-r--r-- 1 root root 225M Feb 21 2020 confd.plx.14252
-rw-r--r-- 1 root root 26M Mar 29 2020 ctasd.bin.25791
-rw-r--r-- 1 root root 25M Mar 29 2020 ctasd.bin.25845
-rw-r--r-- 1 root root 26M Mar 29 2020 ctasd.bin.27234
-rw-r--r-- 1 root root 28M Mar 29 2020 ctasd.bin.29388
-rw-r--r-- 1 root root 26M Mar 29 2020 ctasd.bin.29687
-rw-r--r-- 1 root root 169M Apr 30 2020 confd.plx.12734
-rw-r--r-- 1 root root 101M Jun 9 2020 sandboxd.10258
-rw-r--r-- 1 root root 100M Jul 28 2020 sandboxd.10459
-rw-r--r-- 1 root root 81M Sep 22 2020 confd.plx.3727
-rw-r--r-- 1 root root 30M Sep 22 2020 awed.8828
-rw-r--r-- 1 root root 30M Jan 25 05:01 awed.8973
-rw-r--r-- 1 root root 3.6M Apr 8 11:25 httpd.19946
-rw-r--r-- 1 root root 3.6M Apr 20 07:35 httpd.15512
-rw-r--r-- 1 root root 3.6M Apr 22 11:23 httpd.4984
-rw-r--r-- 1 root root 3.6M Apr 22 11:28 httpd.27271
-rw-r--r-- 1 root root 3.6M May 13 18:17 httpd.20143
-rw-r--r-- 1 root root 99M May 28 05:05 confd.plx.14348
drwx------ 2 root root 4.0K May 28 05:05 .

security-gateway:/home/login # /sbin/audld.plx --nosys --trigger
no HA system or cluster node
patch up2date possible
Starting Secured Up2Date Package Downloader
Authenticating ...
Secured Up2date Authentication
Authentication successful!
Starting Up2Date Download
No new packages available, exiting.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Markus S. over 3 years ago in reply to FormerMember

security-gateway:/home/login # ls -larth /var/storage/cores
total 13G
-rw-r--r-- 1 root root 18M Jun 8 2018 ctipd.bin.9456
-rw-r--r-- 1 root root 39M Oct 2 2018 websec-reporter.29288
-rw-r--r-- 1 root root 87M Oct 16 2018 syslog-ng.8587
drwxr-xr-x 15 root root 4.0K Oct 16 2018 ..
-rw-r--r-- 1 root root 12M Mar 10 2019 red_server.plc.17733
-rw-r--r-- 1 root root 48M Mar 16 2019 afcd.afcd!259.30537
-rw-r--r-- 1 root root 1.8G Apr 24 2019 httpproxy.EpollWorker_23.1447
-rw-r--r-- 1 root root 2.0G Apr 29 2019 httpproxy.EpollWorker_27.10031
-rw-r--r-- 1 root root 2.1G Jun 17 2019 httpproxy.EpollWorker_06.10040
-rw-r--r-- 1 root root 2.3G Jul 4 2019 httpproxy.EpollWorker_20.10208
-rw-r--r-- 1 root root 102M Sep 23 2019 sandboxd.9690
-rw-r--r-- 1 root root 14M Oct 20 2019 aua.bin.6045
-rw-r--r-- 1 root root 14M Oct 20 2019 aua.bin.15087
-rw-r--r-- 1 root root 14M Oct 20 2019 aua.bin.16387
-rw-r--r-- 1 root root 14M Oct 20 2019 aua.bin.19722
-rw-r--r-- 1 root root 14M Oct 20 2019 aua.bin.20469
-rw-r--r-- 1 root root 181M Jan 8 2020 snort.17291
-rw-r--r-- 1 root root 180M Jan 8 2020 snort.17300
-rw-r--r-- 1 root root 182M Jan 8 2020 snort.17290
-rw-r--r-- 1 root root 172M Jan 8 2020 snort.17289
-rw-r--r-- 1 root root 204M Jan 8 2020 snort.17299
-rw-r--r-- 1 root root 2.2G Jan 14 2020 httpproxy.EpollWorker_12.10335
-rw-r--r-- 1 root root 225M Feb 21 2020 confd.plx.8660
-rw-r--r-- 1 root root 225M Feb 21 2020 confd.plx.14252
-rw-r--r-- 1 root root 26M Mar 29 2020 ctasd.bin.25791
-rw-r--r-- 1 root root 25M Mar 29 2020 ctasd.bin.25845
-rw-r--r-- 1 root root 26M Mar 29 2020 ctasd.bin.27234
-rw-r--r-- 1 root root 28M Mar 29 2020 ctasd.bin.29388
-rw-r--r-- 1 root root 26M Mar 29 2020 ctasd.bin.29687
-rw-r--r-- 1 root root 169M Apr 30 2020 confd.plx.12734
-rw-r--r-- 1 root root 101M Jun 9 2020 sandboxd.10258
-rw-r--r-- 1 root root 100M Jul 28 2020 sandboxd.10459
-rw-r--r-- 1 root root 81M Sep 22 2020 confd.plx.3727
-rw-r--r-- 1 root root 30M Sep 22 2020 awed.8828
-rw-r--r-- 1 root root 30M Jan 25 05:01 awed.8973
-rw-r--r-- 1 root root 3.6M Apr 8 11:25 httpd.19946
-rw-r--r-- 1 root root 3.6M Apr 20 07:35 httpd.15512
-rw-r--r-- 1 root root 3.6M Apr 22 11:23 httpd.4984
-rw-r--r-- 1 root root 3.6M Apr 22 11:28 httpd.27271
-rw-r--r-- 1 root root 3.6M May 13 18:17 httpd.20143
-rw-r--r-- 1 root root 99M May 28 05:05 confd.plx.14348
drwx------ 2 root root 4.0K May 28 05:05 .

security-gateway:/home/login # /sbin/audld.plx --nosys --trigger
no HA system or cluster node
patch up2date possible
Starting Secured Up2Date Package Downloader
Authenticating ...
Secured Up2date Authentication
Authentication successful!
Starting Up2Date Download
No new packages available, exiting.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 FormerMember over 3 years ago in reply to Markus S.

Hi Markus S.,

Did this issue start on May 13th or 28th? If yes, open a support case for further in-depth investigation, provide the support access id from your firewall on your support case and send me the case number via a personal message.

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 3 years ago in reply to Markus S.

Just curious, Markus - what do you get from df -h?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 Markus S. over 3 years ago in reply to BAlfson

Hi Bob,

none of the mountpoints has more than 73% usage.

Markus
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 3 years ago in reply to Markus S.

With all of those core dumps, I was worried that your root partition might be full enough to cause performance issues.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel