Thanks for your reply, and for taking the time to help me here. This problem came up very suddenly two days ago; prior to that, our system had been operating very smoothly for over a year.
Did you enable RBL rejection?
Yes, it is enabled. We have used this RBL / SBL setup for a very long time with great success, almost no SPAM and I can't think of a single false positive.
I ran this command to confirm that they are enabled:
[root@david ~]# config show qpsmtpd
qpsmtpd=service
Bcc=disabled
BccMode=cc
BccUser=maillog
DNSBL=enabled
LogLevel=6
MaxScannerSize=25000000
RBLList=zen.spamhaus.org
RHSBL=enabled
RequireResolvableFromHost=no
SBLList=dsn.rfc-ignorant.org
access=public
status=enabled
Did you customise the spam filter (by selecting Custom) to reject messages if the spam score is higher than the score you nominate?
Yes. It is enabled, set to custom, and should reject mail with a score higher than 5. People tell me this score is low, however we have used it for over a year with no problems at all.
Did you install the LearnAsSpam contrib that adds Bayesian filtering using the sonoraccom Howto?
Yes, I've used Bayesian filtering for a while and our users are able to 'train' it by moving uncaught SPAM to a public folder on the exchange server, which I then "learn" on a weekly basis. We have a few thousand of both ham and spam in our Bayes database.
You can also reduce the number of connections per IP setting to reduce the load on your server, although I suspect if you configure RBL & SpamAssassin correctly then the 40 connections setting will probably be OK.
I will investigate doing that as you suggest. However, I'm concerned that will only make the problem worse. If I'm getting many connections, and I reduce the maximum number the server will deal with, won't that just cause additional rejection messages and additional delays?
In one other forum post, where a similar problem was discussed, it was suggested that the user run "netstat -an". When I do so, it reveals hundreds of connections; a few I've copied below:
tcp 1 0 192.168.222.2:25 206.162.204.150:63923 CLOSE_WAIT
tcp 5473 0 127.0.0.1:783 127.0.0.1:39634 CLOSE_WAIT
tcp 0 0 192.168.222.2:25 61.109.102.53:1275 ESTABLISHED
tcp 50621 0 127.0.0.1:783 127.0.0.1:39618 CLOSE_WAIT
tcp 1 0 192.168.222.2:25 62.118.56.62:65397 CLOSE_WAIT
tcp 970 0 127.0.0.1:783 127.0.0.1:39650 CLOSE_WAIT
tcp 1 0 192.168.222.2:25 85.180.169.121:4913 CLOSE_WAIT
tcp 1 0 192.168.222.2:25 202.78.162.223:1945 CLOSE_WAIT
tcp 1 0 192.168.222.2:25 65.12.104.160:63534 CLOSE_WAIT
tcp 1 0 192.168.222.2:25 125.74.163.234:3066 CLOSE_WAIT
tcp 7256 0 127.0.0.1:783 127.0.0.1:39585 CLOSE_WAIT
tcp 1 0 192.168.222.2:25 211.252.104.90:1832 CLOSE_WAIT
tcp 1 0 192.168.222.2:25 200.127.121.24:1976 CLOSE_WAIT
tcp 1 0 192.168.222.2:25 89.208.155.146:58400 CLOSE_WAIT
tcp 1 0 192.168.222.2:25 210.213.84.162:4443 CLOSE_WAIT
tcp 5375 0 127.0.0.1:783 127.0.0.1:39552 CLOSE_WAIT
tcp 1 0 192.168.222.2:25 70.42.193.103:40155 CLOSE_WAIT
tcp 1 0 192.168.222.2:25 58.141.205.54:4273 CLOSE_WAIT
tcp 2475 0 127.0.0.1:783 127.0.0.1:39632 CLOSE_WAIT
tcp 2357 0 127.0.0.1:783 127.0.0.1:39616 CLOSE_WAIT
tcp 1 0 192.168.222.2:25 62.118.56.62:65351 CLOSE_WAIT
tcp 1 0 192.168.222.2:25 125.137.196.238:3595 CLOSE_WAIT
tcp 5226 0 127.0.0.1:783 127.0.0.1:39648 CLOSE_WAIT
tcp 1 0 192.168.222.2:25 196.201.93.75:4824 CLOSE_WAIT
tcp 1 0 192.168.222.2:25 89.111.97.6:2111 CLOSE_WAIT
tcp 1 0 192.168.222.2:25 89.208.155.228:6567 CLOSE_WAIT
tcp 7242 0 127.0.0.1:783 127.0.0.1:39559 CLOSE_WAIT
tcp 5376 0 127.0.0.1:783 127.0.0.1:39607 CLOSE_WAIT
tcp 1 0 192.168.222.2:25 125.137.196.238:4428 CLOSE_WAIT
tcp 1 0 192.168.222.2:25 200.161.167.135:2270 CLOSE_WAIT
tcp 2221 0 127.0.0.1:783 127.0.0.1:39623 CLOSE_WAIT
tcp 1 0 192.168.222.2:25 123.22.12.209:34788 CLOSE_WAIT
tcp 0 0 127.0.0.1:783 127.0.0.1:39543 CLOSE_WAIT
tcp 1 0 192.168.222.2:25 66.218.67.71:23182 CLOSE_WAIT
tcp 1 0 192.168.222.2:25 89.49.86.135:2334 CLOSE_WAIT
tcp 0 0 127.0.0.1:39583 127.0.0.1:783 FIN_WAIT2
tcp 0 0 127.0.0.1:39581 127.0.0.1:783 FIN_WAIT2
tcp 0 0 127.0.0.1:39578 127.0.0.1:783 FIN_WAIT2
tcp 0 0 127.0.0.1:39579 127.0.0.1:783 FIN_WAIT2
tcp 0 0 127.0.0.1:39577 127.0.0.1:783 FIN_WAIT2
tcp 9933 0 127.0.0.1:783 127.0.0.1:39558 CLOSE_WAIT
tcp 0 0 127.0.0.1:39558 127.0.0.1:783 FIN_WAIT2
tcp 0 0 127.0.0.1:39559 127.0.0.1:783 FIN_WAIT2
tcp 1 0 192.168.222.2:25 70.42.193.103:59805 CLOSE_WAIT
tcp 0 0 127.0.0.1:39557 127.0.0.1:783 FIN_WAIT2
tcp 0 0 127.0.0.1:39552 127.0.0.1:783 FIN_WAIT2
tcp 0 0 127.0.0.1:39564 127.0.0.1:783 FIN_WAIT2
tcp 0 0 127.0.0.1:39563 127.0.0.1:783 FIN_WAIT2
tcp 5853 0 127.0.0.1:783 127.0.0.1:39606 CLOSE_WAIT
tcp 0 0 127.0.0.1:39606 127.0.0.1:783 FIN_WAIT2
tcp 0 0 127.0.0.1:39607 127.0.0.1:783 FIN_WAIT2
tcp 0 0 127.0.0.1:39612 127.0.0.1:783 FIN_WAIT2
tcp 0 0 127.0.0.1:39610 127.0.0.1:783 FIN_WAIT2
tcp 0 0 127.0.0.1:39608 127.0.0.1:783 FIN_WAIT2
tcp 0 0 127.0.0.1:39585 127.0.0.1:783 FIN_WAIT2
tcp 0 0 127.0.0.1:39598 127.0.0.1:783 FIN_WAIT2
tcp 0 0 127.0.0.1:39599 127.0.0.1:783 FIN_WAIT2
tcp 9944 0 127.0.0.1:783 127.0.0.1:39638 CLOSE_WAIT
tcp 0 0 127.0.0.1:39638 127.0.0.1:783 FIN_WAIT2
tcp 0 0 127.0.0.1:39636 127.0.0.1:783 FIN_WAIT2
tcp 0 0 127.0.0.1:39634 127.0.0.1:783 FIN_WAIT2
tcp 0 0 127.0.0.1:39632 127.0.0.1:783 FIN_WAIT2
(and so on .....)
Any further ideas?
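One way to turn a long "netstat -an" listing like the one above into a per-service summary, as an added example that is not part of the original post. It assumes the six-column layout shown above and that port 783 is the SpamAssassin spamd default; the function names and the sample rows are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the six-column layout shown in the post
# (proto, Recv-Q, Send-Q, local, foreign, state); remote IPs are documentation ranges.
SAMPLE = """\
tcp 1 0 192.168.222.2:25 203.0.113.10:63923 CLOSE_WAIT
tcp 1 0 192.168.222.2:25 203.0.113.10:63990 CLOSE_WAIT
tcp 0 0 192.168.222.2:25 198.51.100.7:1275 ESTABLISHED
tcp 1 0 192.168.222.2:25 198.51.100.8:4913 CLOSE_WAIT
tcp 5473 0 127.0.0.1:783 127.0.0.1:39634 CLOSE_WAIT
tcp 0 0 127.0.0.1:39634 127.0.0.1:783 FIN_WAIT2
tcp 9933 0 127.0.0.1:783 127.0.0.1:39558 CLOSE_WAIT
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
"""

def parse(text):
    """Yield (recv_q, local_port, remote_ip, state) for each TCP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 6 or not f[0].startswith("tcp") or not f[1].isdigit():
            continue  # skip headers, UDP/unix rows and truncated lines
        # rsplit on the last ':' so IPv6-style addresses also work
        yield int(f[1]), f[3].rsplit(":", 1)[1], f[4].rsplit(":", 1)[0], f[5]

def summarize(text, ports=("25", "783")):
    """Tally states per listening port, unread bytes and CLOSE_WAIT per remote IP."""
    states, unread, per_ip = Counter(), Counter(), Counter()
    for recv_q, port, ip, state in parse(text):
        if port not in ports:
            continue  # client side of a local connection, or another service
        states[(port, state)] += 1
        if state == "CLOSE_WAIT":
            # CLOSE_WAIT: the peer has closed, the local process has not yet
            # closed its socket; Recv-Q is data that process never read.
            unread[port] += recv_q
            if port == "25":
                per_ip[ip] += 1
    return states, unread, per_ip

if __name__ == "__main__":
    states, unread, per_ip = summarize(SAMPLE)
    for (port, state), n in sorted(states.items()):
        print(f"port {port:>3} {state:<12} {n}")
    for port, total in sorted(unread.items()):
        print(f"port {port:>3} unread bytes in CLOSE_WAIT: {total}")
    for ip, n in per_ip.most_common(5):
        print(f"SMTP CLOSE_WAIT from {ip}: {n}")
```

Feed it the real listing by replacing `SAMPLE` with the saved output of "netstat -an"; a large CLOSE_WAIT count with unread bytes on port 783 points at the local scanner processes rather than at the remote senders.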