On 29/07/25 02:44, Lewis G Rosenthal wrote:

When you run out of network buffers, something is likely leaking
network buffers (i.e., using them and not returning them to the pool
when finished).

You should start closing applications one at a time until the number
of available buffers returns to a more normal level (netstat -m is
your friend), then restart those applications. Either there is a
configuration setting which might be changed or a defect in the code
 causing this.

Yes. Do this slowly enough so that you can tell which "close" fixed the
problem. That will be the one using up resources.

You obviously already have anti-attacker measures in place for Apache.

If Weasel turns out to be the culprit, reduce the "Max users" numbers.
Similarly for other programs.

Yesterday I started a new Weasel to test it. Immediately, even before
initialisation had finished, there were four simultaneous POPS sessions,
all from the same address. The number of attackers is clearly increasing
since I accepted input on the POPS port, and the only way to stop them
(apart from blacklisting those addresses, of course) is to have smaller
"Max users" limits.