IMAP connection limit exceeded

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
starkeeper
New user
New user
Posts: 2
Joined: 2014-02-01 17:00

IMAP connection limit exceeded

Post by starkeeper » 2014-02-02 12:58

Hi,
I got some trouble with the IMAP connection limit. Our server is running for several years now and in the last 3 weeks the number of IMAP connections increased so dramatically that the connection limit is always reached. We have a very little setup with a maximmum of 10 users. In the past years a maximum of 75 connections was used and worked well. But now the limit is reached within one day and does not decrease again. My assumption is that a client software does not close connection correctly or an account was compromised.

After the problems began I updated the hMailServer to the version 5.4-1950 but this did not solve the problem. The problem is that whenever the connection limit is reached no other client can connect to IMAP, just a restart of the server fixes the problem, but only for a limited time period.
Initially we ran IMAP with all features enabled, I tried to disable IMAP IDLE but this had no effect on the connection prblem. The second try was to increase the number of connections to 250, but this did not fix the problem the connection counter goes up as fast as with 75 connections allowed.

Is there a way to see which account has which number of open IMAP connections? is there a way to limit the number of connections for one single account? Or limit the number of connections per IP? Maybe someone has a script that is able observer the connection of IPs/Acounts?

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: IMAP connection limit exceeded

Post by Bill48105 » 2014-02-02 17:39

Howdy. That is very odd. Sounds like the client is not closing the connections & then taking too long timeout. I added INI settings to 5.4 that allow you to set the timeouts for pop, smtp, clam & SA but never did for IMAP so maybe I'll need to. If you look at the logs do you see IMAP connections timing out eventually or are they idling or NOOP'ing?

But no there is no way to see who or what IP is using all the connections in hmail besides scanning the logs. Best way I know of is to ask windows with netstat or using a utility like currports http://www.nirsoft.net/utils/cports.html Just look at the IP's connected to port 143.

As far as using a script there isn't really an easy way. I mean it'd be possible but you'd need a way to track connections in a database or file. Then when connection comes in reject them if too many but hmail doesn't have easy way to see more than # of connections & their IP and username once they've logged in. I had been considering adding new COM values with more details to make it possible but hadn't got around to it.

At this point your only real option is to keep increasing max connections until you figure out the cause. doom's log analyzer might help you see the culprit easier: http://log.damnation.org.uk/
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

starkeeper
New user
New user
Posts: 2
Joined: 2014-02-01 17:00

Re: IMAP connection limit exceeded

Post by starkeeper » 2014-02-02 19:23

Hi,
thanks for your help!

It seems to be a problem with a client software. I used the port utility cports to display the used ports and can see that around 200 IMAP connections come from a single IP. I could not contact the guy yet, to clarify which software/settings he is using. The IMAP log shows that a connection is established and some NOOP's are done. But most of the time a FETCH command is logged like this:
"IMAPD" 43972 2745 "2014-02-02 13:22:18.894" "9x.79.xxx.142" "SENT: * 1105 FETCH (UID 187536 FLAGS (\Seen))"

There are thousnads f theese entries, sometime more than hundred in the same millisecond of log. I don't know if this is done for each item in a postbox or if this is the problem, which plugs up my IMAP ports.

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: IMAP connection limit exceeded

Post by Bill48105 » 2014-02-02 20:12

yeah that sounds like awful email client. interesting to know which. something we'll have to be on the watch for.
btw did you look at the mailbox to see if there are TONS of email in their box or something?
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

User avatar
Conzi
Normal user
Normal user
Posts: 147
Joined: 2006-02-24 14:44
Location: Varese, Italy

Re: IMAP connection limit exceeded

Post by Conzi » 2014-02-04 00:55

some years ago I had the same problem

It was the antivirus installed on the client pc who acted like a "man in the middle"
The antivirus checked all imap connection email by email, every time the email client opened an email. (without releasing the connection...)

User avatar
Acrolyte
Normal user
Normal user
Posts: 84
Joined: 2007-11-26 14:17
Location: GER

Re: IMAP connection limit exceeded

Post by Acrolyte » 2014-02-05 15:10

Hi there!

What client software is trying to connect? MS Outlook? Thunderbird? Bat?

I had exactly the same problem with 2 machines (Win 7 Pro SP1 x64) which connected to hMS with Thunderbird. These 2 machines (or better: their users) had very large accounts (around 25.000 - 30.000 mails). And they did what most of all users do: starting Thunderbird, "Oh, 3 new mails!", read them quick and close the application while Thunderbird tries to sync and index messages. That resulted in unsucessfull app close, Thunderbird remained inside the process tree and hold the "dead" connection. When the users retry to open TB they won't encounter any message like Firefox does ("is already running, blabla") and TB will indicate that it is trying to open the inbox while the "hanging" thunderbird.exe is still connected to hMS. Sometimes it also happened that after a second TB run the process remained twice.

I switched off some features (esp. indexing stuff) in TB, made some explanations to the users and from that time on the problem has gone.

Post Reply