LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   sendmail rejecting messages with error connection limit rate exceeded. (https://www.linuxquestions.org/questions/linux-server-73/sendmail-rejecting-messages-with-error-connection-limit-rate-exceeded-4175543925/)

mariogarcia 05-29-2015 03:04 AM
sendmail rejecting messages with error connection limit rate exceeded.
 
I am running debian jessie with sendmail 8.14.4. I do not find where is the setting to disable the mails to be rejected for a certain host and i get periodically this message:

Code:
May 28 16:20:30 mx6 sm-mta[14808]: ruleset=check_relay, arg1=[x.x.x.x], arg2=x.x.x.x, relay=[x.x.x.x], reject=421 4.3.2 Connection rate limit exceeded
I have removed from sendmail.mc the configuration

Code:
define(confCONNECTION_RATE_THROTTLE',15')dnl
 
define(confCONNECTION_RATE_WINDOW_SIZE',60s')dnl
still the messages are rejected which I do not understand because those option would delay the messages and not reject them.

is there a way to disable for certain domains that there is no connection limit at all? need to recompile? downgrade? I am using sendmail installed via apt-get.

thank you.

kmhuntly 05-29-2015 06:04 AM
sendmail rejecting messages with error connection limit rate exceeded.
 
CONNECTION_RATE_THROTTLE

This sets a limit on the number of new connections per second. It helps protect you against mail-bombs and similar denial-of-service attacks.

define(`confCONNECTION_RATE_THROTTLE', `100')dnl

If the rate goes above the limit, new connections are rejected and the sending mailers have to retry later.

bathory 05-29-2015 07:19 AM
Quote:
I have removed from sendmail.mc the configuration

define(confCONNECTION_RATE_THROTTLE',15')dnl

define(confCONNECTION_RATE_WINDOW_SIZE',60s')dnl

still the messages are rejected which I do not understand because those option would delay the messages and not reject them.

is there a way to disable for certain domains that there is no connection limit at all? need to recompile? downgrade? I am using sendmail installed via apt-get.
After editing sendmail.mc you need to recompile it to create the corresponding sendmail.cf:
Code:
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
Don't forget to backup both files in case something goes wrong. Then restart the sendmail service

Or you can just disable throttling for the host in question. Edit/etc/mail/access and add:
Code:
ClientRate: x.x.x.x 0
Then run:
Code:
makemap hash /etc/mail/access < /etc/mail/access

mariogarcia 05-29-2015 07:50 AM
Hello,
thank you for your help..


I understand that CONNECTION_RATE_THROTTLE delays the message do not reject it.

i see this on the doc online i find:

define(`confCONNECTION_RATE_THROTTLE', `5')dnl
This defines the overall number of concurrent connection the server accepts per second, before queuing incoming connection-request regardless of the host. The connections will not be rejected but stalled until the next second. This means that for the above example that when 20 connection-requests arrive, the first five (1-5) are processed in second one, the second five (6-10) in second two, the third five (11-15) in second three, and the final five (16-20) in second four.

this is not my case as my connection are simple rejected

I think I may have found the issue: sendmail.mc has this two rules:

dnl # Stop connections that overflow our concurrent and time connection rates
FEATURE(`conncontrol', `nodelay', `terminate')dnl
FEATURE(`ratecontrol', `nodelay', `terminate')dnl

but how can I find the current connection rates.

I will test with applying the rule ClientRate on the access DB.

thank you all for your answers.

Mario.


All times are GMT -5. The time now is 10:16 AM.