I've noticed recently, on my mailstores, that /var/log/system.log has the following line in it a few times per day:
kernel: Limiting open port RST response from 770 to 250 packets per second
At that same time, in /opt/zimbra/log/zimbrastats.csv, the number of pop connections spikes to around 20(usually 1-5). I have also noticed the advanced client hangs a bit during this time, sometimes getting a cannot connect to server popup. Eventually waiting a minute everything is fine.
A google search of what is in system.log says it's someone doing port scanning. Our snort logs show little abnormalities at the time this happens..mainly more pop connects than usual...this can also be verified by checking out /opt/zimbra/log/mailbox.log and looking at attempted pop connections for users.
I know port scanning happens and we have a firewall in place so only the needed ports are advertised...but should I be worrying about this? It obviously is causing some performance issues for the web client. We are using Mac OS X 10.4.10 dual G5 with 4 GB mem.
- Zimbra Collaboration 8.6 Patch 9 now available (includes fix for CVE-2017-8802). Read the announcement.
- Zimbra Collaboration 8.8.7 + Zimbra Connector for Outlook 8.8.7 are available.. Read the announcement.
- Are you a Zimbra Developer? You can find some interesting stuff in our Official GitHub: https://github.com/Zimbra and check the Community Projects too: https://github.com/Zimbra-Community/
Discuss your pilot or production implementation with other Zimbra admins or our engineers.
1 post • Page 1 of 1
Who is online
Users browsing this forum: zimico and 5 guests