Is this something to worry about?

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Advanced member
Advanced member
Posts: 179
Joined: Fri Sep 12, 2014 10:09 pm

Is this something to worry about?

Postby kirme3 » Wed Sep 26, 2007 4:24 pm

I've noticed recently, on my mailstores, that /var/log/system.log has the following line in it a few times per day:
kernel[0]: Limiting open port RST response from 770 to 250 packets per second
At that same time, in /opt/zimbra/log/zimbrastats.csv, the number of pop connections spikes to around 20(usually 1-5). I have also noticed the advanced client hangs a bit during this time, sometimes getting a cannot connect to server popup. Eventually waiting a minute everything is fine.
A google search of what is in system.log says it's someone doing port scanning. Our snort logs show little abnormalities at the time this happens..mainly more pop connects than usual...this can also be verified by checking out /opt/zimbra/log/mailbox.log and looking at attempted pop connections for users.
I know port scanning happens and we have a firewall in place so only the needed ports are advertised...but should I be worrying about this? It obviously is causing some performance issues for the web client. We are using Mac OS X 10.4.10 dual G5 with 4 GB mem.
Any suggestions?

Return to “Administrators”

Who is online

Users browsing this forum: Google [Bot] and 11 guests