Applicable to:
- Plesk for Linux
Symptoms
-
IMAP accounts are failing to sync when using the Outlook mail client.
-
The Postfix service stops sending/receiving emails on port 587.
-
The following error can be found on
/var/log/maillog:CONFIG_TEXT: postfix/smtpd[12664]: warning: Connection concurrency limit exceeded: 51 from unknown [203.0.113.1] for service smtp
Cause
The maximum number of connections that an SMTP client may make simultaneously is exceeded (default is 50).
Resolution
Either of the following resolutions can be applied:
-
Connect to the server using SSH
-
Execute the command below to increase the maximum number of connections that an SMTP client may make simultaneously:
# postconf smtpd_client_connection_count_limit=100
Note: This is a sample value, it needs to be changed according to the server specifics.
-
Go to Plesk > Tools & Settings > IP Address Banning (Fail2Ban) >Jails > Add Jail
-
Add the following:
Name:
CONFIG_TEXT: postfix-concurrency
Filter:
CONFIG_TEXT: postfix-sasl -Postfix SMTP and SASL authentication failures \
Action:
CONFIG_TEXT: iptables-multiport[name="postfix-concurrency", port="smtp,smtps,submission" protocol="tcp"]
Log Path:
CONFIG_TEXT: /var/log/maillog
Ban Period:
CONFIG_TEXT: 600
The maximum number of failed login attempts:
CONFIG_TEXT: 5
-
Go to Tools & Settings > IP Address Banning (Fail2Ban) >Jails > Manage Filters > Add Filter
-
Add the following:
Name:
CONFIG_TEXT: postfix-concurrency
Content:
CONFIG_TEXT: [Definition]
failregex = warning: Connection concurrency limit exceeded: [0-9]+ from \S+\[<HOST>\] for service \S+$
ignoreregex = -
Connect to the server using SSH
-
Verify the filter functionality by running the following command:
# fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix-concurrency.local
-
If the configuration is correct you will get a result similar to the one below:
CONFIG_TEXT: Running tests
Use failregex filter file : postfix-concurrency, basedir: /etc/fail2ban
Use log file : /var/log/maillog
Use encoding : UTF-8
Results
Failregex: 0 total
Ignoreregex: 0 total
Comments
6 comments
Wrong: postconf smtpd_client_connection_count_limit = 100
Correct: postconf smtpd_client_connection_count_limit=100
Filter not accepted in Plesk Regex wrong.
@Miomir Besarabic Thank you for the feedback, the article was fixed.
#7 should be
fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix-concurrency.local
@Del Corso
I have checked this path in Debian, Ubuntu, CentOS (different versions of all OSes) and everywhere the file extension is the same (.conf).
Please update us with OS and Plesk version you are using?
It saved the file with that extension when I created the filter within Plesk - everything works though!
Plesk 17.5.3 + CentOS 7
RPMs:
fail2ban-0.9.6-centos7.17031414.noarch
plesk-fail2ban-configurator-17.5.3-cos7.build1705170314.17.noarch
/etc/fail2ban/filter.d:
-rw-r----- 1 root root 3241 Mar 14 2017 apache-auth.conf
-rw-r----- 1 root root 2818 Mar 20 01:18 apache-badbots.conf
-rw-r----- 1 root root 813 Mar 14 2017 apache-common.conf
-rw-r----- 1 root root 1863 Mar 14 2017 common.conf
drwxr-xr-x 2 root root 33 Nov 26 2017 ignorecommands
-rw-r----- 1 root root 476 Mar 14 2017 plesk-courierlogin.conf
-rw-r----- 1 root root 1481 Mar 14 2017 plesk-dovecot.conf
-rw-r----- 1 root root 367 Mar 14 2017 plesk-horde.conf
-rw-r----- 1 root root 650 Mar 14 2017 plesk-modsecurity.conf
-rw-r----- 1 root root 529 Mar 14 2017 plesk-panel.conf
-rw-r----- 1 root root 547 Mar 14 2017 plesk-qmail.conf
-rw-r----- 1 root root 526 Mar 14 2017 plesk-roundcube.conf
-rw-r----- 1 root root 666 Mar 14 2017 plesk-wordpress.conf
-rw-r--r-- 1 root root 132 Mar 20 00:40 postfix-concurrency.local
-rw-r----- 1 root root 482 Mar 14 2017 postfix-sasl.conf
-rw-r----- 1 root root 1216 Mar 14 2017 proftpd.conf
-rw-r----- 1 root root 1286 Mar 14 2017 recidive.conf
-rw-r----- 1 root root 3160 Mar 14 2017 sshd.conf
@Del Corso
Thank you for your input. I have edited the article
Please sign in to leave a comment.