Persistent pop3s connections

Simon Barrett simon.barrett at jinny.ie
Wed Feb 6 17:52:51 CET 2008 

Hello,

Five days ago I moved our kolab install to a new machine (CentOS 4.6) because 
of system instability on the previous hardware.  I performed a native install 
on the new machine of the same version of Kolab (2.0.4), then followed the 
recommendations in 

http://wiki.kolab.org/index.php/Backups_for_kolab2

to migrate the users.
Everything is running well since the change, but today some users reported 
timeouts, both on the local lan and from remote. 

Among other steps I checked netstat to see what the current usage was, 

# netstat -ant | more

and noticed that one external IP had an unual number of pop3s connections 
open, status 'ESTABLISHED'.

# netstat -ant | grep 12.34.56.78 | wc -l
169

I eventually blocked this IP on the firewall:

# iptables -L | head
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  12345678.example.com  anywhere

but this has not made any difference to the number of established connections.

I checked for authentication information in /kolab/var/imapd/log/pop3d.log and 
it shows that one of our users was connecting from that IP up until about 33 
hours ago.  It is his home DSL account.  He only has a laptop, which is 
sitting here in the office, and he does not use any other PC to collect mail.  
The PC has a different IP on the office lan (obviously), he is not connected 
remotely to his home lan and his laptop is not causing the same trouble from 
this side of the firewall.

I got the pid for some of these external connections from 
# lsof -i

and killed them off.  New processes were spawned in their place.  I've been 
keeping an eye on the number of connections and it seems to vary between 163 
and 170.

I would guess that I'm missing something basic, but I'd welcome any insights 
as to why these connections are being maintained, what could cause the issue 
in the first place, whether this could be the source of timeouts for other 
users, and whether I should be concerned.  I plan on restarting the daemon 
after hours tonight.


Thanks and regards, 

Simon Barrett

More information about the users mailing list