Over the last 24 hours have experienced complete slowup of the server.
The problem appears to be related to SMTP mail and shutting down the service smtpfront-qmail takes the load off the server and permits access to the internet again.
Restarting smtpfront-qmail and watching the server status using the command line NETSTAT indicates that about 20-30 different external IP addresses progressively connect to the smtp server and are trying to send mail all the time taking most of the CPU time and increasing the latency delay causing all other traffic to stop.
Smtp authentication is used on the server.
The mail log files list the IP addresses that connect or try to connect and send mail to users on the system that simply don't exist.
RBLs filtering has been changed from sbl-xbl.spamhaus.org to zen.spamhaus.org but to no effect. A check of the log files indicates that RBLs filtering is minimal.
This has not happened before and with smtpfront-qmail stopped there is of course no incoming mail being received.
Am at a loss as to what to check next? Is it possible to block the listed IP addresses from the server and keep everything functioning?
At this stage a carrier pigeon would be quicker and more reliable to send mail?