The idea of "work, then get paid" has been deeply ingrained in our culture by employers who want to limit their risk. Well, I like to limit my risks also. I like to get paid before I do work. (Tony Lawrence)
If you think your users are idiots, only idiots will use it. (Linus Torvalds)
How can I figure out why I am getting Host Connection Limit Reached problems? This is my mailserver - I've already checked its logs and nothing unusual is going on.
I wish Kerio Control would dump a log of all connections when it hits this limit - maybe they will someday, but for now this isn't all that hard to find, assuming the cause is on-going or at least frequent.
If you right-click in the debug log, you can dump packets from or to any address. For example, your problem seems to be with your 220.127.116.11 host. To see what it is doing, use this Packet Dump expression:
Sometimes you may want to do more. In your case, that 18.104.22.168 is your mailserver, so something like this might be more appropriate:
addr=22.214.171.124 & port !=443 & port !=993 & port != 25
That filters out the stuff you already know isn't a problem.
Just keep adding "& port !=" until you've eliminated all expected and normal traffic. What's left will likely be your problem.
If the traffic is bursty or sporadic, you may need to leave this on for a while to catch them in the act.
In this case, it turned out to be an attack on port 80 by a machine in Turkey. There was no reason to have port 80 open outside anyway, so we blocked that and added the attacker's IP to a block list.
The 8.6 release of Control will have the ability to distinguish between peers and hosts, allowing you to set separate values for a single peer and for all connections with all peers. By default, each host is assigned a limit of 100 connections with a single peer, and 600 connections for all peers.