If outbound or inbound mail on your cPanel/WHM server is suddenly bouncing with "421 Too many concurrent SMTP connections", your Exim mail server has hit one of its built-in connection throttles. This error is Exim's way of protecting itself from being overwhelmed, but it also silently blocks legitimate mail when the limits are set too conservatively for your traffic, or when a compromised account or misconfigured script is hammering the server with connections.
This guide walks through exactly what triggers the 421 error, how to confirm it in your Exim logs, and how to safely raise (or correctly tune) the relevant Exim directives in WHM without opening your server up to abuse.
What Causes the 421 Too Many Concurrent SMTP Connections Error
Exim on cPanel/WHM enforces several connection ceilings simultaneously. When any one of them is breached, the SMTP session is rejected with a temporary 421 error and the sending server is told to retry later. The three directives most commonly responsible are:
- smtp_accept_max — the total number of simultaneous inbound SMTP connections Exim will accept across the entire server. Default on most cPanel installs is 20 (or 200 depending on OS template).
- smtp_accept_max_per_host — the maximum number of simultaneous connections allowed from a single remote IP address. Default is typically 5.
- smtp_accept_queue / smtp_accept_queue_per_connection — limits on how many delivery processes Exim will spawn from SMTP input before it starts queuing messages instead of delivering them immediately.
The 421 error shows up in two very different scenarios, and it's important to diagnose which one you're facing before touching any config:
Scenario A: Legitimate traffic spike
A busy transactional mail sender (WooCommerce store, mass-mailing plugin, CRM integration) opens more simultaneous connections than the default limit allows. This is the "safe to raise the limit" case.
Scenario B: Abuse or compromise
A compromised cPanel account, leaked SMTP credential, or a script running a mail loop is opening dozens of concurrent connections trying to send spam. Raising limits here just lets the abuse through faster — you need to find and shut down the source first.
Step 1: Confirm the Error in the Exim Logs
SSH into the server as root and check the main Exim log for the exact rejection message:
tail -f /var/log/exim_mainlog | grep "too many"
You are looking for lines similar to:
2026-07-01 14:22:03 smtp_accept_max_per_host reached for 203.0.113.44 (this connection amongst others)
2026-07-01 14:22:03 rejected connection from H=(unknown) [203.0.113.44]: too many connections
Note whether the offending IP is a single external host (points to Scenario B — investigate that IP) or whether the limit hits are spread across many different IPs while overall server load is high (points to Scenario A — genuine traffic growth).
Cross-check current active SMTP connections in real time:
exim -bp | wc -l
netstat -antp | grep ':25\|:587\|:465' | grep ESTABLISHED | wc -l
Step 2: Identify Which Account or Script Is Triggering It
If you suspect abuse, find which cPanel user or domain is generating the volume:
eximstats -h 1
/scripts/mailer_check
Or query the current queue for the top senders:
exim -bp | exiqsumm
If a single domain or account dominates the output with outgoing mail you don't recognize, suspend it immediately from WHM (Account Functions > Suspend Account) before adjusting any connection limits, and change that account's email/FTP/SSH passwords.
Step 3: Tune Exim Connection Limits in WHM
Once you've confirmed the traffic is legitimate, raise the limits through the Exim Configuration Manager rather than hand-editing exim.conf, since WHM will overwrite manual edits on the next Exim rebuild.
Numbered Steps
- Log in to WHM as root.
- Navigate to Service Configuration > Exim Configuration Manager.
- Click the Advanced Editor tab.
- Search for
smtp_accept_maxin the configuration text. If it isn't present, add it under the main configuration section. - Set a value appropriate to your server's resources, for example:
smtp_accept_max = 100 smtp_accept_max_per_host = 10 smtp_accept_queue = 200 smtp_accept_queue_per_connection = 30 - Click Save at the bottom of the page. WHM will validate the syntax before applying it.
- Restart Exim to apply the new limits:
/scripts/restartsrv_exim - Re-run
tail -f /var/log/exim_mainlogand confirm the 421 rejections stop appearing for the previously affected sender.
If you prefer editing the file directly for a quick test before committing changes in the GUI, the live config lives at:
/etc/exim.conf.localopts
Add or edit the same directives there, then rebuild and restart:
/scripts/buildeximconf
/scripts/restartsrv_exim
Step 4: Set Sane Ceilings — Don't Just Max Everything Out
It's tempting to set smtp_accept_max to an enormous number and never think about it again, but Exim spawns a process per connection. On a server with limited RAM, an unrestricted connection count during a spam surge or DDoS-style flood can exhaust memory and take down MySQL, Apache, and every other service on the box alongside mail.
A reasonable starting point for most VPS/dedicated cPanel servers:
| Server RAM | smtp_accept_max | smtp_accept_max_per_host |
|---|---|---|
| 4–8 GB | 40–60 | 5–8 |
| 16–32 GB | 100–150 | 10–15 |
| 64 GB+ | 200–300 | 15–20 |
Monitor memory headroom after any change with free -m and top during peak mail hours for a few days before raising limits further.
Step 5: Add Per-Sender Rate Limiting Instead of Raising Global Limits Blindly
If one specific application (a newsletter sender, a booking system) legitimately needs more headroom without opening the floodgates for everyone, use Exim's ratelimit ACL condition instead of a blanket increase. In the Advanced Editor, inside the acl_check_rcpt or acl_smtp_mail block, add a rate-limiting condition scoped to the sending account or authenticated user, so bursty-but-legitimate senders get more room while unauthenticated or unrecognized senders remain capped at the default.
Step 6: Prevent Recurrence
- Enable SMTP Restrictions in WHM (Security Center > SMTP Restrictions) so only mailman, root, and exim can send mail on port 25, preventing compromised scripts from bypassing Exim entirely.
- Turn on cPHulk Brute Force Protection to catch credential-stuffing attempts against mail auth before they generate connection floods.
- Set per-account email sending limits in WHM > Manage Email Limits Per Hour so a single compromised account can't generate the connection volume that trips 421 errors server-wide.
- Monitor eximstats weekly to catch gradual traffic growth before it becomes an emergency, and plan connection-limit increases proactively rather than reactively.
Related Errors You May See Alongside 421
The 421 connection limit is often confused with a handful of other Exim throttling messages. Knowing the difference saves time when reading logs under pressure:
"421 Service not available, closing transmission channel"
This can also appear when Exim's overall daemon is restarting or when the smtp_load_reserve threshold is exceeded — meaning server load average, not connection count, is the trigger. Check uptime and compare against the configured smtp_load_reserve value before assuming it's a connection-count issue.
"421 Too many connections, please try again later" from the recipient's server
This is the same error code but generated by the receiving mail server, not yours. If your outbound queue shows this bouncing back from a specific provider like Outlook or Gmail, the fix is on the sending side — slow down your outbound rate to that domain rather than touching your inbound connection limits.
"554 relayed too fast" or "451 too many messages"
These are rate-based (message count), not connection-based, throttles. They come from smtp_ratelimit_hosts or smtp_ratelimit_mail restrictions rather than the concurrent connection settings covered in this guide.
Checking rDNS and Load Reserve Before Blaming Connection Limits
Sometimes what looks like a connection-limit problem is actually Exim refusing connections because the server is under load. Check the current load-based throttle:
grep smtp_load_reserve /etc/exim.conf.localopts
uptime
If your load average regularly exceeds the configured smtp_load_reserve value (commonly set to 10 by default on cPanel), Exim will reject new connections with a 421 regardless of how high you set smtp_accept_max. In that case, the real fix is investigating what's driving server load — often MySQL query load, a runaway cron job, or a resource-heavy WordPress site sharing the box — rather than raising mail-specific limits.
Also confirm reverse DNS (PTR record) is correctly set for the server's IP, since some receiving servers open and drop connections rapidly when rDNS fails, which can look like a connection flood in your logs even though it originates from failed handshakes rather than real traffic:
dig -x YOUR_SERVER_IP +short
Setting Up Ongoing Monitoring So You Catch This Before Customers Complain
Rather than waiting for a support ticket about bounced mail, add a simple cron-based check that alerts you when connection rejections start climbing:
*/10 * * * * grep -c "too many connections" /var/log/exim_mainlog | awk '$1 > 20 {print "High 421 rejection count: " $1}' | mail -s "Exim connection alert" admin@yourdomain.com
Pair this with WHM's built-in Service Status monitoring and enable email notifications for Exim restarts, so you have visibility any time the mail service bounces or reloads unexpectedly during a connection surge.
Testing the Fix From a Client Perspective
After adjusting limits and restarting Exim, verify from an external network (not the server itself) that the previously affected sending application can now complete its connections cleanly:
- Send a batch of test emails from the affected application (newsletter tool, CRM, WooCommerce) at the volume that previously triggered the 421 error.
- Watch
tail -f /var/log/exim_mainlogon the server in real time during the send. - Confirm no new "too many connections" lines appear for that sender's IP.
- Check the recipient inbox (or a mail-tester.com test address) to confirm delivery completed rather than just connection acceptance.
If connections now succeed but messages still queue or bounce for a different reason, that points to a separate issue (SPF/DKIM, blacklisting, or disk quota) rather than the connection limit you just fixed.
When to Escalate to a Managed Server Team
If you've confirmed the traffic is legitimate but limits are already tuned reasonably for your hardware, the 421 errors may point to a deeper issue — insufficient RAM for your mail volume, a noisy-neighbor VPS environment, or the need to move outbound mail to a dedicated relay/SMTP service. At that point, a full mail server health audit is worth more than another round of config tweaks.
CloudHouse Technologies' server management team handles Exim tuning, mail cluster audits, and 24/7 monitoring for cPanel/WHM environments so connection floods get caught and resolved before they cause an outage. Learn more about our server management services.
