Hi all,
I had a post here earlier about the same issues. I went a made a new server and slowly got the same issue once more..
I have the lastest Zimbra 8.6 installed in a virtual proxmox enviroment. The vm now has:
4 virtual sockets with one core each.. this shows a load of about 95% to 105% which was a small improvement from my the two core the server started with.
8Gb of cam using between 6.5Gb to 7.5Gb
Storage is a Synology DS1513+ NAS with 24/7 NAS disks 7200rpm connected by ethernet 1Gb
I don't know why i have this excatly but i suspect now that its because my domain reciveds allot of spam..
According to the zimbra monitor i get about 250 to 350 spam mails an hour... i don't know if this is allot..
I have a spike of about 10.000 mails at one point.
also I have a HUGE queue..
According to monitor I have:
16966 deferred
293925 incomming
15774 active
this server has been running live for a little 48 hours now
can anyone tell how to approach this problem? im clueless. I have been googling allot but its hard to find articles where spam is the problem when dealing with zimbra.. but maybe i just search wrong..
Thanks!
Casper
High Ram and CPU usage - suspect huge spam load to be the reason
-
- Posts: 43
- Joined: Sat Sep 13, 2014 3:24 am
-
- Posts: 43
- Joined: Sat Sep 13, 2014 3:24 am
High Ram and CPU usage - suspect huge spam load to be the reason
I can add now that from when this thread was made and untill now my mail queue is:
deffered about 25000
incomming allmost 500.000
and disk usages has growen with about 25 to 30%
deffered about 25000
incomming allmost 500.000
and disk usages has growen with about 25 to 30%
-
- Posts: 43
- Joined: Sat Sep 13, 2014 3:24 am
High Ram and CPU usage - suspect huge spam load to be the reason
Also http://www.mailradar.com/ says that my zimbra server relays...
the only way to stop a zimbra server from relay that i know of is to edit the MTA networks.. ATM those are set like this:
127.0.0.0/8 192.168.251.0/29
where my server ip is 192.168.251.4
is there anywhere else you should turn off relaying??
the only way to stop a zimbra server from relay that i know of is to edit the MTA networks.. ATM those are set like this:
127.0.0.0/8 192.168.251.0/29
where my server ip is 192.168.251.4
is there anywhere else you should turn off relaying??
-
- Posts: 43
- Joined: Sat Sep 13, 2014 3:24 am
High Ram and CPU usage - suspect huge spam load to be the reason
Another symptom i see is that the web admin interface says services are down.. but they are not according to cli and i do get some mails from time to time about spam and what not.
After i realized that i was a relay node i closed the firewall rule allowing my server to recieve mail so that i wouldn't spam others.. but its still sending the spam notice to my account.. which i would anticipate..
here is the web console
and here is the cli:
root@ins:~# su zimbra
zimbra@ins:/home/dingit$ zmcontrol status
Host ins.dingit.dk
amavis Running
antispam Running
antivirus Running
dnscache Running
ldap Running
logger Running
mailbox Running
mta Running
opendkim Running
service webapp Running
snmp Running
spell Running
stats Running
zimbra webapp Running
zimbraAdmin webapp Running
zimlet webapp Running
zmconfigd Running
zimbra@ins:/home/dingit$
I suspect is because of the highload of the server that we see this..
After i realized that i was a relay node i closed the firewall rule allowing my server to recieve mail so that i wouldn't spam others.. but its still sending the spam notice to my account.. which i would anticipate..
here is the web console
and here is the cli:
root@ins:~# su zimbra
zimbra@ins:/home/dingit$ zmcontrol status
Host ins.dingit.dk
amavis Running
antispam Running
antivirus Running
dnscache Running
ldap Running
logger Running
mailbox Running
mta Running
opendkim Running
service webapp Running
snmp Running
spell Running
stats Running
zimbra webapp Running
zimbraAdmin webapp Running
zimlet webapp Running
zmconfigd Running
zimbra@ins:/home/dingit$
I suspect is because of the highload of the server that we see this..
-
- Posts: 43
- Joined: Sat Sep 13, 2014 3:24 am
High Ram and CPU usage - suspect huge spam load to be the reason
After i closed internet access to my zimbra mail server im starting to get forwarded mails from the admin account whith content like this:
Transcript of session follows.
Out: 220 ins.dingit.dk ESMTP Postfix
In: HELO 77.66.31.83
Out: 250 ins.dingit.dk
In: MAIL FROM: <dyqrzbewhcmc@anet.net.tw>
Out: 451 4.3.0 Temporary lookup error
In: RSET
Out: 250 2.0.0 Ok
In: MAIL FROM: <gizffud@yahoo.com.hk>
Out: 451 4.3.0 Temporary lookup error
In: RSET
Out: 250 2.0.0 Ok
In: MAIL FROM: <okrrs@wysina.com.tw>
Out: 451 4.3.0 Temporary lookup error
In: QUIT
Out: 221 2.0.0 Bye
So it seems that closing the access to the server has given it time to breath and send these mails out. there are about 3000 in queue.. im pretty sure im seeing this because the server is relaying but i have NO idea where to turn it off .. other than the MTA networks which should be set as they are suppose to.. see older post here
Transcript of session follows.
Out: 220 ins.dingit.dk ESMTP Postfix
In: HELO 77.66.31.83
Out: 250 ins.dingit.dk
In: MAIL FROM: <dyqrzbewhcmc@anet.net.tw>
Out: 451 4.3.0 Temporary lookup error
In: RSET
Out: 250 2.0.0 Ok
In: MAIL FROM: <gizffud@yahoo.com.hk>
Out: 451 4.3.0 Temporary lookup error
In: RSET
Out: 250 2.0.0 Ok
In: MAIL FROM: <okrrs@wysina.com.tw>
Out: 451 4.3.0 Temporary lookup error
In: QUIT
Out: 221 2.0.0 Bye
So it seems that closing the access to the server has given it time to breath and send these mails out. there are about 3000 in queue.. im pretty sure im seeing this because the server is relaying but i have NO idea where to turn it off .. other than the MTA networks which should be set as they are suppose to.. see older post here
High Ram and CPU usage - suspect huge spam load to be the reason
Have you made any changes to your Zimbra server's configuration recently? Are you using any RBLs? Have you checked if there's any compromised account(s) on the server? Have you made any changes to the anti-spam system in ZCS?
-
- Posts: 43
- Joined: Sat Sep 13, 2014 3:24 am
High Ram and CPU usage - suspect huge spam load to be the reason
Hi Phoenix,
No this is a clean install with Zextra suite added to it.. that is about the only thing.. I have than added the domain and created the users for this domain .. I have also edited the MTA networks to make to local subnet more precise...
I haven't touched RBLS or any other zimbra configuration for that matter..
I don't belive there are any compromised accounts since the server is so new and the passwords have been strong...
I haven't touched the anti spam feature either..
from my perspektive this domain just recives allot of spam.. or the open relay feature is turned on which it shouldn't be..
No this is a clean install with Zextra suite added to it.. that is about the only thing.. I have than added the domain and created the users for this domain .. I have also edited the MTA networks to make to local subnet more precise...
I haven't touched RBLS or any other zimbra configuration for that matter..
I don't belive there are any compromised accounts since the server is so new and the passwords have been strong...
I haven't touched the anti spam feature either..
from my perspektive this domain just recives allot of spam.. or the open relay feature is turned on which it shouldn't be..
- jorgedlcruz
- Zimbra Alumni
- Posts: 2782
- Joined: Thu May 22, 2014 4:47 pm
High Ram and CPU usage - suspect huge spam load to be the reason
Hi offerlam22,
Please follow the next 2 Wiki articles and let us know if after follow all the Wikis you are still suffering the problem:
https://wiki.zimbra.com/wiki/Enforcing_ ... ername_8.5
Use the DKIM, SPF (with value -all not ~all) - https://wiki.zimbra.com/wiki/Best_Pract ... _and_DMARC
Let us know
Please follow the next 2 Wiki articles and let us know if after follow all the Wikis you are still suffering the problem:
https://wiki.zimbra.com/wiki/Enforcing_ ... ername_8.5
Use the DKIM, SPF (with value -all not ~all) - https://wiki.zimbra.com/wiki/Best_Pract ... _and_DMARC
Let us know