1 Topic by jung (edited by jung 2020-10-29 23:26:23)

  • jung
  • Member
  • Offline
  • Registered: 2020-01-08
  • Posts: 91

Topic: too much traffic causing firewall high cpu utilization

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): iRedMail 1.3.1
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version: Ubuntu 18.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): Mysql
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi Guys,

I'm having a very heavy network traffic in the firewall(cisco Meraki MX) that is causing the cpu utilization to up to 70% and the network is down. if the iredmail server network is unplug from the network. the network runs smoothly.

please have a look at the attached cisco meraki mx firewall log.

Post's attachments

ciscomerakifirewall log.png 154.88 kb, 1 downloads since 2020-10-29 

You don't have the permssions to download the attachments of this post.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: too much traffic causing firewall high cpu utilization

This is not normal at all.
Could you figure out which application (on iRedMail?) produced so much traffic?

3 Reply by jung (edited by jung 2020-10-30 23:24:01)

  • jung
  • Member
  • Offline
  • Registered: 2020-01-08
  • Posts: 91

Re: too much traffic causing firewall high cpu utilization

Hi Zhang,

I wonder why, even all the iredmail services are stop. still our network is down as long as iredmail server is connected to the network.

to my surprise, even nobody is using iredmail meaning no one is sending message and the mail.log is idle but our network is down because of heavy traffic that pass through the cisco meraki firewall from iredmail.

i even disabled the automatic backup using rsync in crontab but the same scenario.

Note:
a. it is working, before replacing all our switches and routers with cisco meraki and install cisco meraki firewall
b. spamassassin, fail2ban, clamav-daemon, clamav-freshclam status is active:active

Any help is much appreciated because it's been 4 days now since our iredmail1.3.1 is not working.

Thanks,
JunG

4 Reply by jung

  • jung
  • Member
  • Offline
  • Registered: 2020-01-08
  • Posts: 91

Re: too much traffic causing firewall high cpu utilization

Hi Zhang,

Your help is really much appreciated. just let me know what kind of log you need so i can provide.
I really don't know what is happening in our iredmail server why it's sending too much packet. It is working smoothly before replacing all our cisco small business switches and router with cisco meraki devices and changing also the public ip and dns.

Thanks
JunG

5 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: too much traffic causing firewall high cpu utilization

This is not normal, and iRedMail just does the email thing and no way it generates so much traffic.
What i can tell is, try to figure out which application (on iRedMail?) produced so much traffic first. Maybe you can use "tcpdump" or similar tool.

6 Reply by jung

  • jung
  • Member
  • Offline
  • Registered: 2020-01-08
  • Posts: 91

Re: too much traffic causing firewall high cpu utilization

Hi Zhang,

After thorough checking, found out that my iredmail server is not able to resolve dns name. I can ping domain ip's but not able to ping its domain name.

I spent two days trying to resolve the issue search from the forum/internet and apply the suggested fix but to no avail.

I've even put nameserver 8.8.8.8 and 8.8.4.4 but still not able to ping google.com but i can ping 8.8.8.8

Thanks,
JunG

7 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: too much traffic causing firewall high cpu utilization

No idea at all, i'm afraid that you're on your own since others don't know much about your network. sad

8 Reply by jung

  • jung
  • Member
  • Offline
  • Registered: 2020-01-08
  • Posts: 91

Re: too much traffic causing firewall high cpu utilization

Hi Zhang,

Yes, i know it's very hard on your end to troubleshoot my issue. What i did was, i switch to iredmail 0.9.9 server (this is my first running server before configuring iredmail 1.3.1 server and act as my third backup syncronizing all the email from iredmail 1.3.1)

Now, our iredmail 0.9.9 is up and running and I'm just rebuilding the iredmail 1.3.1 server which i installed version 1.3.2 using ubuntu 18.04.

Thank you so much Zhang.

JunG