Topic: email management struggle

[marsa_matruh]

After a recent update (2 weeks ago, previous one in June) of my server, email management is struggling. When using webmail, it needs several seconds for each step: connecting, displaying box content, showing the content of an email, suppressing an email... With local imap connection of Thunderbird, it is less pronounced but it is still present, for instance when sending an email.

Web site (static pages) is smooth. Server manager is also smooth.

There is not dead or ghost process running CPU at 100 %. I didn't observed anything special in messages.

I tried a reconfigure and later made a new update (couple of new packages). No change.

Server is installed on a single SSD.

Any hint on what to investigate would be welcome.

[holck]

I guess it might either be due to a busy server or to slow communication. Does "top" give any clues as to the load of the server? Does "iftop" give clues about the network bandwidth usage?

[ReetP]

After a recent update (2 weeks ago, previous one in June)

Any hint on what to investigate would be welcome.

So what packages did you install?

Check you yum logs.

[marsa_matruh]

For top:

Code: [Select]

top - 10:43:01 up 2 days, 23:25,  1 user,  load average: 0,04, 0,05, 0,05
Tasks: 257 total,   1 running, 256 sleeping,   0 stopped,   0 zombie
%Cpu(s):  0,1 us,  0,1 sy,  0,0 ni, 99,8 id,  0,0 wa,  0,0 hi,  0,0 si,  0,0 st
KiB Mem :  4036276 total,  1006356 free,  2060840 used,   969080 buff/cache
KiB Swap:  4063228 total,  4032252 free,    30976 used.  1623320 avail Mem

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
 1511 clamscan  20   0 1727728   1,3g   2572 S   0,0 33,5   2:20.25 clamd
  664 smelog    20   0    4368    432    400 S   0,0  0,0   2:03.98 multilog
 1422 qpsmtpd   20   0  227236  29548   4608 S   0,0  0,7   1:22.32 qpsmtpd-fo+
 3243 mysql     20   0 1038032  85316   4684 S   0,0  2,1   1:17.57 mysqld
    1 root      20   0  191560   4196   2440 S   0,0  0,1   1:01.61 systemd
  470 root      20   0   67792  21600  21248 S   0,0  0,5   0:58.79 systemd-jo+
  630 dbus      20   0   58092   2068   1572 S   0,0  0,1   0:51.08 dbus-daemon
    9 root      20   0       0      0      0 S   0,0  0,0   0:40.79 rcu_sched
   40 root      20   0       0      0      0 S   0,0  0,0   0:27.33 kworker/0:1
  403 root      20   0       0      0      0 S   0,0  0,0   0:27.14 xfsaild/dm+
 1939 root      20   0  866984  15596  13616 S   0,0  0,4   0:26.05 rsyslogd
 1458 dnscache  20   0   14568  10260    440 S   0,0  0,3   0:22.87 dnscache
 1963 dnscache  20   0    4996    744    428 S   0,0  0,0   0:20.25 dnscache
 2179 root      20   0  393700   6888   4644 S   0,0  0,2   0:19.84 nmbd
15748 root      20   0       0      0      0 S   0,0  0,0   0:19.66 kworker/3:0
  645 root      20   0   21540   1216    964 S   0,0  0,0   0:17.49 irqbalance
  643 root      20   0   26384   1616   1328 S   0,0  0,0   0:16.59 systemd-lo+

Even during webmail loging (waiting for connection after user/password), CPU load don't increase.

iftop command not found.

Yum logs at that time:

Code: [Select]

Sep 16 11:52:20 Updated: php74-php-json-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:20 Updated: php74-php-common-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:20 Updated: php71-php-json-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:20 Updated: php71-php-common-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:20 Updated: php80-php-common-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:21 Updated: php81-php-common-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:21 Updated: php73-php-json-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:21 Updated: php73-php-common-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:21 Updated: libzip5-1.10.1-1.el7.remi.x86_64
Sep 16 11:52:21 Updated: clamav-filesystem-0.103.10-1.el7.noarch
Sep 16 11:52:23 Installed: php82-runtime-8.2-5.el7.remi.x86_64
Sep 16 11:52:23 Installed: php82-php-common-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:23 Installed: php82-php-xml-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:24 Installed: php82-php-cli-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:24 Updated: clamav-lib-0.103.10-1.el7.x86_64
Sep 16 11:52:24 Updated: clamav-update-0.103.10-1.el7.x86_64
Sep 16 11:52:24 Installed: php82-php-pdo-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:24 Installed: php82-php-process-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:25 Updated: php56-php-common-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:25 Updated: php56-php-pecl-zip-1.22.2-1.el7.remi.x86_64
Sep 16 11:52:25 Updated: php56-php-pdo-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:25 Updated: php56-php-xml-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:25 Updated: php56-php-cli-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:26 Updated: php73-php-cli-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:26 Updated: php73-php-xml-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:26 Updated: php73-php-pdo-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:26 Updated: php81-php-pdo-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:27 Updated: php81-php-cli-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:28 Updated: php80-php-cli-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:28 Updated: php80-php-pdo-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:28 Updated: php71-php-pdo-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:28 Updated: php71-php-xml-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:28 Updated: php71-php-cli-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:28 Updated: php74-php-xml-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:29 Updated: php74-php-cli-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:29 Updated: php74-php-pdo-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:29 Updated: php72-php-common-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:29 Updated: php72-php-json-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:29 Updated: php72-php-cli-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:29 Updated: php72-php-pdo-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:29 Updated: php72-php-xml-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:30 Updated: php70-php-common-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:30 Updated: php70-php-json-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:30 Updated: php70-php-pdo-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:30 Updated: php70-php-cli-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:30 Updated: php70-php-xml-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:30 Updated: openssh-7.4p1-23.el7_9.x86_64
Sep 16 11:52:30 Updated: 32:bind-license-9.11.4-26.P2.el7_9.14.noarch
Sep 16 11:52:30 Updated: 32:bind-libs-lite-9.11.4-26.P2.el7_9.14.x86_64
Sep 16 11:52:30 Updated: 32:bind-libs-9.11.4-26.P2.el7_9.14.x86_64
Sep 16 11:52:31 Updated: php70-php-xmlrpc-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:31 Updated: php70-php-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:31 Updated: php70-php-mysqlnd-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:31 Updated: php70-php-process-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:31 Updated: php70-php-snmp-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:31 Updated: php70-php-enchant-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:31 Updated: php70-php-intl-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:31 Updated: php70-php-pecl-zip-1.22.2-1.el7.remi.x86_64
Sep 16 11:52:31 Updated: php70-php-imap-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:31 Updated: php70-php-ldap-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:32 Updated: php70-php-opcache-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:32 Updated: php70-php-bcmath-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:32 Updated: php70-php-mbstring-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:32 Updated: php70-php-tidy-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:32 Updated: php70-php-soap-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:32 Updated: php70-php-gd-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:32 Updated: php70-php-fpm-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:32 Updated: php70-php-mcrypt-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:32 Updated: php72-php-xmlrpc-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:32 Updated: php72-php-mysqlnd-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:32 Updated: php72-php-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:32 Updated: php72-php-gd-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:32 Updated: php72-php-imap-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:32 Updated: php72-php-soap-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:33 Updated: php72-php-mbstring-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:33 Updated: php72-php-snmp-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:33 Updated: php72-php-tidy-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:33 Updated: php72-php-opcache-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:33 Updated: php72-php-pecl-zip-1.22.2-1.el7.remi.x86_64
Sep 16 11:52:33 Updated: php72-php-intl-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:33 Updated: php72-php-enchant-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:33 Updated: php72-php-process-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:33 Updated: php72-php-bcmath-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:33 Updated: php72-php-fpm-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:33 Updated: php72-php-ldap-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:33 Updated: php74-php-mysqlnd-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:33 Updated: php74-php-xmlrpc-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:34 Updated: php71-php-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:34 Updated: php71-php-xmlrpc-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:34 Updated: php71-php-mysqlnd-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:34 Updated: php80-php-mysqlnd-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:34 Updated: php81-php-mysqlnd-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:34 Updated: php73-php-mysqlnd-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:34 Updated: php73-php-xmlrpc-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:34 Updated: php73-php-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:34 Updated: php56-php-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:34 Updated: php56-php-xmlrpc-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:34 Updated: php56-php-mysqlnd-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:34 Updated: php56-php-bcmath-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:34 Updated: php56-php-snmp-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:34 Updated: php56-php-imap-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:35 Updated: php56-php-fpm-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:35 Updated: php56-php-mbstring-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:35 Updated: php56-php-process-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:35 Updated: php56-php-gd-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:35 Updated: php56-php-ldap-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:35 Updated: php56-php-soap-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:35 Updated: php56-php-mcrypt-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:35 Updated: php56-php-tidy-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:35 Updated: php56-php-intl-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:35 Updated: php56-php-opcache-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:35 Updated: php56-php-enchant-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:35 Installed: 1:php82-php-pear-1.10.13-5.el7.remi.noarch
Sep 16 11:52:36 Installed: php82-php-mysqlnd-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:36 Installed: php82-php-pecl-xmlrpc-1.0.0~rc3-2.el7.remi.x86_64
Sep 16 11:52:36 Installed: php82-php-pecl-zip-1.22.2-1.el7.remi.x86_64
Sep 16 11:52:36 Installed: php82-php-ldap-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:36 Installed: php82-php-bcmath-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:36 Installed: php82-php-tidy-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:36 Installed: php82-php-enchant-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:36 Installed: php82-php-gd-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:36 Installed: php82-php-opcache-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:36 Installed: php82-php-soap-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:37 Installed: php82-php-fpm-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:37 Installed: php82-php-sodium-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:37 Installed: php82-php-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:37 Installed: php82-php-imap-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:37 Installed: php82-php-intl-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:37 Installed: php82-php-mbstring-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:37 Installed: php82-php-snmp-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:38 Updated: php81-php-pecl-zip-1.22.2-1.el7.remi.x86_64
Sep 16 11:52:38 Updated: php55-php-pecl-zip-1.22.2-1.el7.remi.x86_64
Sep 16 11:52:38 Updated: php71-php-pecl-zip-1.22.2-1.el7.remi.x86_64
Sep 16 11:52:39 Updated: php80-php-pecl-zip-1.22.2-1.el7.remi.x86_64
Sep 16 11:52:39 Updated: php74-php-pecl-zip-1.22.2-1.el7.remi.x86_64
Sep 16 11:52:39 Updated: php73-php-pecl-zip-1.22.2-1.el7.remi.x86_64
Sep 16 11:52:39 Updated: php73-php-tidy-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:39 Updated: php73-php-fpm-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:40 Updated: php73-php-mbstring-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:40 Updated: php73-php-ldap-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:40 Updated: php73-php-snmp-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:40 Updated: php73-php-imap-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:40 Updated: php73-php-enchant-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:40 Updated: php73-php-process-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:40 Updated: php73-php-soap-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:40 Updated: php73-php-intl-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:40 Updated: php73-php-gd-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:40 Updated: php73-php-bcmath-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:40 Updated: php73-php-opcache-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:40 Updated: php81-php-xml-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:40 Updated: php81-php-tidy-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:40 Updated: php81-php-mbstring-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:40 Updated: php81-php-process-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:40 Updated: php81-php-intl-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:40 Updated: php81-php-ldap-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:40 Updated: php81-php-opcache-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:40 Updated: php81-php-bcmath-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:40 Updated: php81-php-snmp-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:40 Updated: php81-php-sodium-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:41 Updated: php81-php-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:41 Updated: php81-php-gd-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:41 Updated: php81-php-imap-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:41 Updated: php81-php-fpm-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:41 Updated: php81-php-enchant-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:41 Updated: php81-php-soap-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:41 Updated: php80-php-gd-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:41 Updated: php80-php-sodium-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:41 Updated: php80-php-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-bcmath-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-intl-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-imap-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-enchant-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-snmp-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-xml-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-fpm-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-mbstring-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-soap-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-opcache-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-process-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-tidy-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-ldap-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:43 Updated: php71-php-fpm-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:43 Updated: php71-php-tidy-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:43 Updated: php71-php-enchant-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:43 Updated: php71-php-mcrypt-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:43 Updated: php71-php-soap-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:43 Updated: php71-php-process-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:43 Updated: php71-php-opcache-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:43 Updated: php71-php-ldap-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:43 Updated: php71-php-intl-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:44 Updated: php71-php-mbstring-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:44 Updated: php71-php-snmp-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:44 Updated: php71-php-gd-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:44 Updated: php71-php-imap-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:44 Updated: php71-php-bcmath-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:44 Updated: php74-php-bcmath-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:44 Updated: php74-php-fpm-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:44 Updated: php74-php-ldap-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:44 Updated: php74-php-sodium-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:44 Updated: php74-php-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:44 Updated: php74-php-snmp-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:44 Updated: php74-php-tidy-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:44 Updated: php74-php-enchant-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:44 Updated: php74-php-process-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:45 Updated: php74-php-mbstring-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:45 Updated: php74-php-gd-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:45 Updated: php74-php-intl-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:45 Updated: php74-php-opcache-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:45 Updated: php74-php-imap-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:45 Updated: php74-php-soap-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:45 Updated: smeserver-yum-2.6.2-3.el7.sme.noarch
Sep 16 11:52:45 Updated: e-smith-base-5.8.1-28.el7.sme.x86_64
Sep 16 11:52:46 Updated: smeserver-php-3.0.0-46.el7.sme.x86_64
Sep 16 11:52:46 Installed: perl-Parse-RecDescent-1.967009-5.el7.noarch
Sep 16 11:52:46 Updated: perl-Net-IMAP-Simple-1.2212-1.of.el7.noarch
Sep 16 11:52:46 Updated: smeserver-qpsmtpd-2.7.0-14.el7.sme.noarch
Sep 16 11:52:46 Updated: e-smith-domains-2.6.0-6.el7.sme.noarch
Sep 16 11:52:46 Updated: e-smith-ldap-5.6.0-17.el7.sme.noarch
Sep 16 11:52:46 Updated: e-smith-proxy-5.6.0-12.el7.sme.noarch
Sep 16 11:52:46 Updated: smeserver-horde-1.0.0-34.el7.sme.noarch
Sep 16 11:52:46 Updated: e-smith-ntp-2.6.0-18.el7.sme.noarch
Sep 16 11:52:46 Updated: 32:bind-utils-9.11.4-26.P2.el7_9.14.x86_64
Sep 16 11:52:47 Updated: openssh-server-7.4p1-23.el7_9.x86_64
Sep 16 11:52:47 Updated: openssh-clients-7.4p1-23.el7_9.x86_64
Sep 16 11:52:47 Updated: clamav-0.103.10-1.el7.x86_64
Sep 16 11:52:47 Updated: clamd-0.103.10-1.el7.x86_64
Sep 16 11:52:52 Updated: clamav-data-0.103.10-1.el7.noarch
Sep 16 11:52:52 Updated: 32:bind-export-libs-9.11.4-26.P2.el7_9.14.x86_64
Sep 16 11:52:57 Installed: kernel-3.10.0-1160.95.1.el7.x86_64
Sep 16 11:52:57 Updated: perl-Quota-1.8.2-1.el7.sme.x86_64
Sep 16 11:52:57 Updated: kernel-headers-3.10.0-1160.95.1.el7.x86_64

[Jean-Philippe Pialasse]

press P to sort top by cpu usage.

[marsa_matruh]

After connecting to a webmail account, when arriving on the main box screen:

Code: [Select]

top - 17:51:41 up 3 days,  6:33,  1 user,  load average: 0,04, 0,03, 0,05
Tasks: 265 total,   3 running, 262 sleeping,   0 stopped,   0 zombie
%Cpu(s):  3,7 us,  2,4 sy,  0,0 ni, 93,8 id,  0,0 wa,  0,0 hi,  0,0 si,  0,0 st
KiB Mem :  4036276 total,   849060 free,  2154668 used,  1032548 buff/cache
KiB Swap:  4063228 total,  4032252 free,    30976 used.  1529484 avail Mem

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
 1756 qpsmtpd   20   0  269692  45508   4300 S   8,3  1,1   0:00.25 /usr/bin/qpsmtp
26539 apache    20   0  590796  22948  14120 S   7,0  0,6   0:01.20 php-fpm
12632 apache    20   0  593848  27700  18060 R   3,3  0,7   0:02.74 php-fpm
 1759 boite     20   0   29548   9156   7536 S   1,0  0,2   0:00.03 imap
12644 apache    20   0  591236  27824  18236 S   1,0  0,7   0:02.16 php-fpm
    9 root      20   0       0      0      0 S   0,3  0,0   0:45.00 rcu_sched
  470 root      20   0   92344  38940  38588 S   0,3  1,0   1:04.74 systemd-journal
  664 smelog    20   0    4368    432    400 S   0,3  0,0   2:16.68 multilog
 1634 root      20   0   39072   2688   2040 S   0,3  0,1   0:00.20 auth
 1706 root      20   0       0      0      0 S   0,3  0,0   0:00.03 kworker/3:0
 1750 root      20   0  162224   2388   1572 R   0,3  0,1   0:00.10 top
 1755 qpsmtpd   20   0  269708  45596   4356 S   0,3  1,1   0:00.25 /usr/bin/qpsmtp
 2060 apache    20   0  160700   5084   2636 S   0,3  0,1   0:01.01 httpd
 2090 dovecot   20   0    9752   1124    956 S   0,3  0,0   0:02.30 anvil
 3243 mysql     20   0 1103864  85316   4684 S   0,3  2,1   1:25.24 mysqld
    1 root      20   0  191560   4196   2440 S   0,0  0,1   1:07.55 systemd
    2 root      20   0       0      0      0 S   0,0  0,0   0:00.03 kthreadd


[ReetP]

At a rough guess I'd say you've finally upgraded smeserver-qpsmtpd which changes authentication from cvm-unix - that created lots of segfaults in your logs - to dovecot, and you are getting hammered by hackers.

Check your dovecot/sqpsmtpd/qpsmtpd logs to see authentications.

Look for auth_imap

Eg

Code: [Select]

grep auth_imap /var/log/sqpsmtpd/current
Watch the logs for action.

You can search here for more info on the relevant bug.

You probably ought to look at something like xt_geoip to block unwanted guests and reduce your load a bit. 4Gb with clamav is only just about enough to run your server, and it will really grind during DB updates.

For geoip check the worst places eg CN,VN and block them outright.

https://wiki.koozali.org/Xt_geoip

[marsa_matruh]

Yes, dovecot is full of unwanted users:

Code: [Select]

Oct  8 01:50:05 serveur dovecot: auth-worker(15999): pam(loa,127.0.0.1,<EJgsAykHpJ1/AAAB>): unknown user
Oct  8 01:50:07 serveur dovecot: imap-login: Disconnected (auth failed, 1 attempts in 19 secs): user=<loa>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<EJgsAykHpJ1/AAAB>

I will have a look at  xt_geoip.

Thanks for pointing me in the right direction.

[Jean-Philippe Pialasse]

with 127.0.0.1 as ip it could be both from webmail bruteforce or smtp bruteforce.
as pointed by John you need to check also the qpsmtpd  and sqpsmtpd logs. 

also fail2ban/ geoip blocking would help reducing the impact of bruteforce