How can I figure out why I am getting Host Connection Limit Reached problems? This is my mailserver - I've already checked its logs and nothing unusual is going on.
I wish Kerio Control would dump a log of all connections when it hits this limit - maybe they will someday, but for now this isn't all that hard to find, assuming the cause is on-going or at least frequent.
If you right-click in the debug log, you can dump packets from or to any address. For example, your problem seems to be with your 18.104.22.168 host. To see what it is doing, use this Packet Dump expression:
Sometimes you may want to do more. In your case, that 22.214.171.124 is your mailserver, so something like this might be more appropriate:
addr=126.96.36.199 & port !=443 & port !=993 & port != 25
That filters out the stuff you already know isn't a problem.
Just keep adding "& port !=" until you've eliminated all expected and normal traffic. What's left will likely be your problem. If the traffic is bursty or sporadic, you may need to leave this on for a while to catch them in the act.
In this case, it turned out to be an attack on port 80 by a machine in Turkey. There was no reason to have port 80 open outside anyway, so we blocked that and added the attacker's IP to a block list.
The 8.6 release of Control will have the ability to distinguish between peers and hosts, allowing you to set separate values for a single peer and for all connections with all peers. By default, each host is assigned a limit of 100 connections with a single peer, and 600 connections for all peers.
If you found something useful today, please consider a small donation.
Got something to add? Send me email.
More Articles by Anthony Lawrence © 2015-06-04 Anthony Lawrence
Try not to become a man of success, but rather try to become a man of value. (Albert Einstein)