Koozali.org: home of the SME Server
Contribs.org Forums => Koozali SME Server 10.x => Topic started by: marsa_matruh on October 03, 2023, 02:06:34 PM
-
After a recent update (2 weeks ago, previous one in June) of my server, email management is struggling. When using webmail, it needs several seconds for each step: connecting, displaying box content, showing the content of an email, suppressing an email... With local imap connection of Thunderbird, it is less pronounced but it is still present, for instance when sending an email.
Web site (static pages) is smooth. Server manager is also smooth.
There is no dead or ghost process running the CPU at 100%. I didn't observe anything special in messages.
I tried a reconfigure and later made a new update (couple of new packages). No change.
Server is installed on a single SSD.
Any hint on what to investigate would be welcome.
-
I guess it might either be due to a busy server or to slow communication. Does "top" give any clues as to the load of the server? Does "iftop" give clues about the network bandwidth usage?
-
After a recent update (2 weeks ago, previous one in June)
Any hint on what to investigate would be welcome.
So what packages did you install?
Check your yum logs.
-
For top:
top - 10:43:01 up 2 days, 23:25, 1 user, load average: 0,04, 0,05, 0,05
Tasks: 257 total, 1 running, 256 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0,1 us, 0,1 sy, 0,0 ni, 99,8 id, 0,0 wa, 0,0 hi, 0,0 si, 0,0 st
KiB Mem : 4036276 total, 1006356 free, 2060840 used, 969080 buff/cache
KiB Swap: 4063228 total, 4032252 free, 30976 used. 1623320 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1511 clamscan 20 0 1727728 1,3g 2572 S 0,0 33,5 2:20.25 clamd
664 smelog 20 0 4368 432 400 S 0,0 0,0 2:03.98 multilog
1422 qpsmtpd 20 0 227236 29548 4608 S 0,0 0,7 1:22.32 qpsmtpd-fo+
3243 mysql 20 0 1038032 85316 4684 S 0,0 2,1 1:17.57 mysqld
1 root 20 0 191560 4196 2440 S 0,0 0,1 1:01.61 systemd
470 root 20 0 67792 21600 21248 S 0,0 0,5 0:58.79 systemd-jo+
630 dbus 20 0 58092 2068 1572 S 0,0 0,1 0:51.08 dbus-daemon
9 root 20 0 0 0 0 S 0,0 0,0 0:40.79 rcu_sched
40 root 20 0 0 0 0 S 0,0 0,0 0:27.33 kworker/0:1
403 root 20 0 0 0 0 S 0,0 0,0 0:27.14 xfsaild/dm+
1939 root 20 0 866984 15596 13616 S 0,0 0,4 0:26.05 rsyslogd
1458 dnscache 20 0 14568 10260 440 S 0,0 0,3 0:22.87 dnscache
1963 dnscache 20 0 4996 744 428 S 0,0 0,0 0:20.25 dnscache
2179 root 20 0 393700 6888 4644 S 0,0 0,2 0:19.84 nmbd
15748 root 20 0 0 0 0 S 0,0 0,0 0:19.66 kworker/3:0
645 root 20 0 21540 1216 964 S 0,0 0,0 0:17.49 irqbalance
643 root 20 0 26384 1616 1328 S 0,0 0,0 0:16.59 systemd-lo+
Even during webmail login (waiting for connection after user/password), CPU load doesn't increase.
iftop command not found.
Yum logs at that time:
Sep 16 11:52:20 Updated: php74-php-json-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:20 Updated: php74-php-common-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:20 Updated: php71-php-json-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:20 Updated: php71-php-common-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:20 Updated: php80-php-common-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:21 Updated: php81-php-common-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:21 Updated: php73-php-json-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:21 Updated: php73-php-common-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:21 Updated: libzip5-1.10.1-1.el7.remi.x86_64
Sep 16 11:52:21 Updated: clamav-filesystem-0.103.10-1.el7.noarch
Sep 16 11:52:23 Installed: php82-runtime-8.2-5.el7.remi.x86_64
Sep 16 11:52:23 Installed: php82-php-common-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:23 Installed: php82-php-xml-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:24 Installed: php82-php-cli-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:24 Updated: clamav-lib-0.103.10-1.el7.x86_64
Sep 16 11:52:24 Updated: clamav-update-0.103.10-1.el7.x86_64
Sep 16 11:52:24 Installed: php82-php-pdo-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:24 Installed: php82-php-process-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:25 Updated: php56-php-common-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:25 Updated: php56-php-pecl-zip-1.22.2-1.el7.remi.x86_64
Sep 16 11:52:25 Updated: php56-php-pdo-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:25 Updated: php56-php-xml-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:25 Updated: php56-php-cli-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:26 Updated: php73-php-cli-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:26 Updated: php73-php-xml-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:26 Updated: php73-php-pdo-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:26 Updated: php81-php-pdo-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:27 Updated: php81-php-cli-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:28 Updated: php80-php-cli-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:28 Updated: php80-php-pdo-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:28 Updated: php71-php-pdo-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:28 Updated: php71-php-xml-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:28 Updated: php71-php-cli-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:28 Updated: php74-php-xml-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:29 Updated: php74-php-cli-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:29 Updated: php74-php-pdo-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:29 Updated: php72-php-common-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:29 Updated: php72-php-json-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:29 Updated: php72-php-cli-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:29 Updated: php72-php-pdo-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:29 Updated: php72-php-xml-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:30 Updated: php70-php-common-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:30 Updated: php70-php-json-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:30 Updated: php70-php-pdo-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:30 Updated: php70-php-cli-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:30 Updated: php70-php-xml-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:30 Updated: openssh-7.4p1-23.el7_9.x86_64
Sep 16 11:52:30 Updated: 32:bind-license-9.11.4-26.P2.el7_9.14.noarch
Sep 16 11:52:30 Updated: 32:bind-libs-lite-9.11.4-26.P2.el7_9.14.x86_64
Sep 16 11:52:30 Updated: 32:bind-libs-9.11.4-26.P2.el7_9.14.x86_64
Sep 16 11:52:31 Updated: php70-php-xmlrpc-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:31 Updated: php70-php-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:31 Updated: php70-php-mysqlnd-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:31 Updated: php70-php-process-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:31 Updated: php70-php-snmp-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:31 Updated: php70-php-enchant-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:31 Updated: php70-php-intl-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:31 Updated: php70-php-pecl-zip-1.22.2-1.el7.remi.x86_64
Sep 16 11:52:31 Updated: php70-php-imap-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:31 Updated: php70-php-ldap-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:32 Updated: php70-php-opcache-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:32 Updated: php70-php-bcmath-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:32 Updated: php70-php-mbstring-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:32 Updated: php70-php-tidy-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:32 Updated: php70-php-soap-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:32 Updated: php70-php-gd-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:32 Updated: php70-php-fpm-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:32 Updated: php70-php-mcrypt-7.0.33-40.el7.remi.x86_64
Sep 16 11:52:32 Updated: php72-php-xmlrpc-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:32 Updated: php72-php-mysqlnd-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:32 Updated: php72-php-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:32 Updated: php72-php-gd-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:32 Updated: php72-php-imap-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:32 Updated: php72-php-soap-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:33 Updated: php72-php-mbstring-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:33 Updated: php72-php-snmp-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:33 Updated: php72-php-tidy-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:33 Updated: php72-php-opcache-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:33 Updated: php72-php-pecl-zip-1.22.2-1.el7.remi.x86_64
Sep 16 11:52:33 Updated: php72-php-intl-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:33 Updated: php72-php-enchant-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:33 Updated: php72-php-process-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:33 Updated: php72-php-bcmath-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:33 Updated: php72-php-fpm-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:33 Updated: php72-php-ldap-7.2.34-19.el7.remi.x86_64
Sep 16 11:52:33 Updated: php74-php-mysqlnd-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:33 Updated: php74-php-xmlrpc-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:34 Updated: php71-php-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:34 Updated: php71-php-xmlrpc-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:34 Updated: php71-php-mysqlnd-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:34 Updated: php80-php-mysqlnd-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:34 Updated: php81-php-mysqlnd-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:34 Updated: php73-php-mysqlnd-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:34 Updated: php73-php-xmlrpc-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:34 Updated: php73-php-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:34 Updated: php56-php-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:34 Updated: php56-php-xmlrpc-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:34 Updated: php56-php-mysqlnd-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:34 Updated: php56-php-bcmath-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:34 Updated: php56-php-snmp-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:34 Updated: php56-php-imap-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:35 Updated: php56-php-fpm-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:35 Updated: php56-php-mbstring-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:35 Updated: php56-php-process-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:35 Updated: php56-php-gd-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:35 Updated: php56-php-ldap-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:35 Updated: php56-php-soap-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:35 Updated: php56-php-mcrypt-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:35 Updated: php56-php-tidy-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:35 Updated: php56-php-intl-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:35 Updated: php56-php-opcache-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:35 Updated: php56-php-enchant-5.6.40-39.el7.remi.x86_64
Sep 16 11:52:35 Installed: 1:php82-php-pear-1.10.13-5.el7.remi.noarch
Sep 16 11:52:36 Installed: php82-php-mysqlnd-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:36 Installed: php82-php-pecl-xmlrpc-1.0.0~rc3-2.el7.remi.x86_64
Sep 16 11:52:36 Installed: php82-php-pecl-zip-1.22.2-1.el7.remi.x86_64
Sep 16 11:52:36 Installed: php82-php-ldap-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:36 Installed: php82-php-bcmath-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:36 Installed: php82-php-tidy-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:36 Installed: php82-php-enchant-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:36 Installed: php82-php-gd-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:36 Installed: php82-php-opcache-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:36 Installed: php82-php-soap-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:37 Installed: php82-php-fpm-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:37 Installed: php82-php-sodium-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:37 Installed: php82-php-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:37 Installed: php82-php-imap-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:37 Installed: php82-php-intl-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:37 Installed: php82-php-mbstring-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:37 Installed: php82-php-snmp-8.2.10-1.el7.remi.x86_64
Sep 16 11:52:38 Updated: php81-php-pecl-zip-1.22.2-1.el7.remi.x86_64
Sep 16 11:52:38 Updated: php55-php-pecl-zip-1.22.2-1.el7.remi.x86_64
Sep 16 11:52:38 Updated: php71-php-pecl-zip-1.22.2-1.el7.remi.x86_64
Sep 16 11:52:39 Updated: php80-php-pecl-zip-1.22.2-1.el7.remi.x86_64
Sep 16 11:52:39 Updated: php74-php-pecl-zip-1.22.2-1.el7.remi.x86_64
Sep 16 11:52:39 Updated: php73-php-pecl-zip-1.22.2-1.el7.remi.x86_64
Sep 16 11:52:39 Updated: php73-php-tidy-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:39 Updated: php73-php-fpm-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:40 Updated: php73-php-mbstring-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:40 Updated: php73-php-ldap-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:40 Updated: php73-php-snmp-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:40 Updated: php73-php-imap-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:40 Updated: php73-php-enchant-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:40 Updated: php73-php-process-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:40 Updated: php73-php-soap-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:40 Updated: php73-php-intl-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:40 Updated: php73-php-gd-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:40 Updated: php73-php-bcmath-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:40 Updated: php73-php-opcache-7.3.33-11.el7.remi.x86_64
Sep 16 11:52:40 Updated: php81-php-xml-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:40 Updated: php81-php-tidy-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:40 Updated: php81-php-mbstring-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:40 Updated: php81-php-process-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:40 Updated: php81-php-intl-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:40 Updated: php81-php-ldap-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:40 Updated: php81-php-opcache-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:40 Updated: php81-php-bcmath-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:40 Updated: php81-php-snmp-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:40 Updated: php81-php-sodium-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:41 Updated: php81-php-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:41 Updated: php81-php-gd-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:41 Updated: php81-php-imap-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:41 Updated: php81-php-fpm-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:41 Updated: php81-php-enchant-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:41 Updated: php81-php-soap-8.1.23-1.el7.remi.x86_64
Sep 16 11:52:41 Updated: php80-php-gd-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:41 Updated: php80-php-sodium-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:41 Updated: php80-php-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-bcmath-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-intl-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-imap-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-enchant-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-snmp-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-xml-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-fpm-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-mbstring-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-soap-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-opcache-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-process-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-tidy-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:42 Updated: php80-php-ldap-8.0.30-1.el7.remi.x86_64
Sep 16 11:52:43 Updated: php71-php-fpm-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:43 Updated: php71-php-tidy-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:43 Updated: php71-php-enchant-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:43 Updated: php71-php-mcrypt-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:43 Updated: php71-php-soap-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:43 Updated: php71-php-process-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:43 Updated: php71-php-opcache-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:43 Updated: php71-php-ldap-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:43 Updated: php71-php-intl-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:44 Updated: php71-php-mbstring-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:44 Updated: php71-php-snmp-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:44 Updated: php71-php-gd-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:44 Updated: php71-php-imap-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:44 Updated: php71-php-bcmath-7.1.33-27.el7.remi.x86_64
Sep 16 11:52:44 Updated: php74-php-bcmath-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:44 Updated: php74-php-fpm-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:44 Updated: php74-php-ldap-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:44 Updated: php74-php-sodium-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:44 Updated: php74-php-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:44 Updated: php74-php-snmp-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:44 Updated: php74-php-tidy-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:44 Updated: php74-php-enchant-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:44 Updated: php74-php-process-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:45 Updated: php74-php-mbstring-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:45 Updated: php74-php-gd-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:45 Updated: php74-php-intl-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:45 Updated: php74-php-opcache-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:45 Updated: php74-php-imap-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:45 Updated: php74-php-soap-7.4.33-8.el7.remi.x86_64
Sep 16 11:52:45 Updated: smeserver-yum-2.6.2-3.el7.sme.noarch
Sep 16 11:52:45 Updated: e-smith-base-5.8.1-28.el7.sme.x86_64
Sep 16 11:52:46 Updated: smeserver-php-3.0.0-46.el7.sme.x86_64
Sep 16 11:52:46 Installed: perl-Parse-RecDescent-1.967009-5.el7.noarch
Sep 16 11:52:46 Updated: perl-Net-IMAP-Simple-1.2212-1.of.el7.noarch
Sep 16 11:52:46 Updated: smeserver-qpsmtpd-2.7.0-14.el7.sme.noarch
Sep 16 11:52:46 Updated: e-smith-domains-2.6.0-6.el7.sme.noarch
Sep 16 11:52:46 Updated: e-smith-ldap-5.6.0-17.el7.sme.noarch
Sep 16 11:52:46 Updated: e-smith-proxy-5.6.0-12.el7.sme.noarch
Sep 16 11:52:46 Updated: smeserver-horde-1.0.0-34.el7.sme.noarch
Sep 16 11:52:46 Updated: e-smith-ntp-2.6.0-18.el7.sme.noarch
Sep 16 11:52:46 Updated: 32:bind-utils-9.11.4-26.P2.el7_9.14.x86_64
Sep 16 11:52:47 Updated: openssh-server-7.4p1-23.el7_9.x86_64
Sep 16 11:52:47 Updated: openssh-clients-7.4p1-23.el7_9.x86_64
Sep 16 11:52:47 Updated: clamav-0.103.10-1.el7.x86_64
Sep 16 11:52:47 Updated: clamd-0.103.10-1.el7.x86_64
Sep 16 11:52:52 Updated: clamav-data-0.103.10-1.el7.noarch
Sep 16 11:52:52 Updated: 32:bind-export-libs-9.11.4-26.P2.el7_9.14.x86_64
Sep 16 11:52:57 Installed: kernel-3.10.0-1160.95.1.el7.x86_64
Sep 16 11:52:57 Updated: perl-Quota-1.8.2-1.el7.sme.x86_64
Sep 16 11:52:57 Updated: kernel-headers-3.10.0-1160.95.1.el7.x86_64
-
Press P to sort top by CPU usage.
-
After connecting to a webmail account, when arriving on the main box screen:
top - 17:51:41 up 3 days, 6:33, 1 user, load average: 0,04, 0,03, 0,05
Tasks: 265 total, 3 running, 262 sleeping, 0 stopped, 0 zombie
%Cpu(s): 3,7 us, 2,4 sy, 0,0 ni, 93,8 id, 0,0 wa, 0,0 hi, 0,0 si, 0,0 st
KiB Mem : 4036276 total, 849060 free, 2154668 used, 1032548 buff/cache
KiB Swap: 4063228 total, 4032252 free, 30976 used. 1529484 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1756 qpsmtpd 20 0 269692 45508 4300 S 8,3 1,1 0:00.25 /usr/bin/qpsmtp
26539 apache 20 0 590796 22948 14120 S 7,0 0,6 0:01.20 php-fpm
12632 apache 20 0 593848 27700 18060 R 3,3 0,7 0:02.74 php-fpm
1759 boite 20 0 29548 9156 7536 S 1,0 0,2 0:00.03 imap
12644 apache 20 0 591236 27824 18236 S 1,0 0,7 0:02.16 php-fpm
9 root 20 0 0 0 0 S 0,3 0,0 0:45.00 rcu_sched
470 root 20 0 92344 38940 38588 S 0,3 1,0 1:04.74 systemd-journal
664 smelog 20 0 4368 432 400 S 0,3 0,0 2:16.68 multilog
1634 root 20 0 39072 2688 2040 S 0,3 0,1 0:00.20 auth
1706 root 20 0 0 0 0 S 0,3 0,0 0:00.03 kworker/3:0
1750 root 20 0 162224 2388 1572 R 0,3 0,1 0:00.10 top
1755 qpsmtpd 20 0 269708 45596 4356 S 0,3 1,1 0:00.25 /usr/bin/qpsmtp
2060 apache 20 0 160700 5084 2636 S 0,3 0,1 0:01.01 httpd
2090 dovecot 20 0 9752 1124 956 S 0,3 0,0 0:02.30 anvil
3243 mysql 20 0 1103864 85316 4684 S 0,3 2,1 1:25.24 mysqld
1 root 20 0 191560 4196 2440 S 0,0 0,1 1:07.55 systemd
2 root 20 0 0 0 0 S 0,0 0,0 0:00.03 kthreadd
-
At a rough guess I'd say you've finally upgraded smeserver-qpsmtpd which changes authentication from cvm-unix - that created lots of segfaults in your logs - to dovecot, and you are getting hammered by hackers.
Check your dovecot/sqpsmtpd/qpsmtpd logs to see authentications.
Look for auth_imap
E.g.
grep auth_imap /var/log/sqpsmtpd/current
Watch the logs for action.
You can search here for more info on the relevant bug.
You probably ought to look at something like xt_geoip to block unwanted guests and reduce your load a bit. 4Gb with clamav is only just about enough to run your server, and it will really grind during DB updates.
For geoip, check the worst places, e.g. CN, VN, and block them outright.
https://wiki.koozali.org/Xt_geoip
-
Yes, dovecot is full of unwanted users:
Oct 8 01:50:05 serveur dovecot: auth-worker(15999): pam(loa,127.0.0.1,<EJgsAykHpJ1/AAAB>): unknown user
Oct 8 01:50:07 serveur dovecot: imap-login: Disconnected (auth failed, 1 attempts in 19 secs): user=<loa>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<EJgsAykHpJ1/AAAB>
I will have a look at xt_geoip.
Thanks for pointing me in the right direction.
-
With 127.0.0.1 as the IP, it could be either from webmail bruteforce or SMTP bruteforce.
As pointed out by John, you also need to check the qpsmtpd and sqpsmtpd logs.
Also, fail2ban / geoip blocking would help reduce the impact of bruteforce.
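An added example, not part of the original thread: a small Python summary of dovecot authentication failures in the two line formats quoted above, grouped by the `rip` field. It flags loopback sources, because, as the last replies note, `rip=127.0.0.1` only shows that a local service (webmail or qpsmtpd) relayed the attempt; the sample log, the function name `summarize` and the threshold of 3 are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address

# Constructed sample: the first two lines follow the format quoted in the
# thread; the rest are made up and use documentation IP ranges.
SAMPLE_LOG = """\
Oct  8 01:50:05 serveur dovecot: auth-worker(15999): pam(loa,127.0.0.1,<EJgsAykHpJ1/AAAB>): unknown user
Oct  8 01:50:07 serveur dovecot: imap-login: Disconnected (auth failed, 1 attempts in 19 secs): user=<loa>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<EJgsAykHpJ1/AAAB>
Oct  8 01:50:31 serveur dovecot: auth-worker(15999): pam(admin,127.0.0.1,<constructed-session-2>): unknown user
Oct  8 01:50:43 serveur dovecot: imap-login: Disconnected (auth failed, 2 attempts in 12 secs): user=<admin>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<constructed-session-2>
Oct  8 01:51:02 serveur dovecot: auth-worker(15999): pam(info,127.0.0.1,<constructed-session-3>): unknown user
Oct  8 01:51:09 serveur dovecot: imap-login: Disconnected (auth failed, 1 attempts in 7 secs): user=<info>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<constructed-session-3>
Oct  8 02:10:15 serveur dovecot: imap-login: Disconnected (auth failed, 1 attempts in 4 secs): user=<alice>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.1, TLS, session=<constructed-session-4>
Oct  8 02:11:40 serveur dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, mpid=16021, TLS, session=<constructed-session-5>
"""

IP = r"[0-9A-Fa-f.:]+"
# "imap-login: Disconnected (auth failed, N attempts in S secs): user=<u>, ... rip=<ip>"
FAILED = re.compile(
    r"imap-login: Disconnected \(auth failed, (?P<attempts>\d+) attempts? in \d+ secs\): "
    r"user=<(?P<user>[^>]*)>, method=[\w-]+, rip=(?P<rip>" + IP + r"),"
)
# "auth-worker(pid): pam(user,ip,<session>): unknown user"
UNKNOWN = re.compile(
    r"auth-worker\(\d+\): pam\((?P<user>[^,]*),(?P<rip>" + IP + r")(?:,<[^>]*>)?\): unknown user"
)


def summarize(log_text, threshold=3):
    """Return one dict per source address, busiest first."""
    attempts = Counter()        # failed attempts per remote IP
    users = defaultdict(set)    # distinct usernames tried per remote IP
    unknown = defaultdict(set)  # usernames that do not exist on the server
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            attempts[m["rip"]] += int(m["attempts"])
            users[m["rip"]].add(m["user"])
            continue
        m = UNKNOWN.search(line)
        if m:
            unknown[m["rip"]].add(m["user"])
    report = []
    for rip, count in attempts.most_common():
        report.append({
            "rip": rip,
            "failed_attempts": count,
            "distinct_users": len(users[rip]),
            "unknown_users": sorted(unknown[rip]),
            # Loopback means a local service relayed the login; the real
            # client address has to come from that service's own log.
            "loopback": ip_address(rip).is_loopback,
            "suspicious": count >= threshold or len(users[rip]) >= threshold,
        })
    return report


if __name__ == "__main__":
    for entry in summarize(SAMPLE_LOG):
        print(entry)
```

To use it on a real server, pass `summarize` the text of whichever log file carries the dovecot lines; for entries marked `loopback`, the timestamps are what you match against the qpsmtpd/sqpsmtpd and web server logs to find the real source.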