
Denial Of Service attack detected!


Nareau
2nd September 2008, 21:35
My mail server has been working perfectly until just recently. It could no longer send or receive mails. I checked the mail log and it showed something like this:

Sep 2 22:49:24 tkl dovecot: imap-login: Login: user=<username>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Sep 2 22:49:24 tkl dovecot: IMAP(username): Disconnected: Logged out
Sep 2 22:49:25 tkl dovecot: imap-login: Login: user=<username>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Sep 2 22:49:25 tkl dovecot: IMAP(username): Disconnected: Logged out
Sep 2 22:49:25 tkl dovecot: imap-login: Login: user=<username>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Sep 2 22:49:26 tkl dovecot: IMAP(username): Disconnected: Logged out
Sep 2 22:50:20 tkl postfix/smtpd[23284]: connect from localhost[127.0.0.1]
Sep 2 22:50:20 tkl postfix/smtpd[23284]: 596EB3D221F: client=localhost[127.0.0.1]
Sep 2 22:50:27 tkl postfix/cleanup[23268]: 596EB3D221F: hold: header Received: from www.example.com (localhost [127.0.0.1])??by mail.example.com (Postfix) with ESMTP id 596EB3D221F;??Tue, 2 Sep 2008 22:50:20 +1200 (GILT) from localhost[127.0.0.1]; from=<username@example.com> to=<testuser@domain1.com> proto=ESMTP helo=<www.example.com>
Sep 2 22:50:27 tkl postfix/cleanup[23268]: 596EB3D221F: message-id=<55463.203.196.24.4.1220352627.squirrel@www.example.com>
Sep 2 22:50:27 tkl postfix/smtpd[23284]: disconnect from localhost[127.0.0.1]
Sep 2 22:50:27 tkl dovecot: imap-login: Login: user=<username>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Sep 2 22:50:28 tkl dovecot: IMAP(username): Disconnected: Logged out
Sep 2 22:50:28 tkl dovecot: imap-login: Login: user=<username>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Sep 2 22:50:29 tkl dovecot: IMAP(username): Disconnected: Logged out
Sep 2 22:53:53 tkl MailScanner[23035]: Commercial scanner clamav timed out!
Sep 2 22:53:53 tkl MailScanner[23035]: clamav: Failed to complete, timed out
Sep 2 22:53:53 tkl MailScanner[23035]: Virus Scanning: Denial Of Service attack detected!

It seems like we have been attacked with a DoS. Can anyone please tell me how to get out of this? I urgently need this 'cos we have not received mails in a week now.

Many thanks in advance.

Nareau
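
A way to triage the log above, as an added example that is not part of the original post: for each MailScanner "Denial Of Service attack detected!" line it collects the scanner timeouts logged by the same MailScanner PID and the client addresses seen shortly before, so you can check whether any external traffic accompanies the alert. The function names, the 10-minute window, the year default and the embedded sample lines are assumptions made for this example.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample, modelled on the log lines in the post above.
SAMPLE_LOG = """\
Sep 2 22:50:20 tkl postfix/smtpd[23284]: connect from localhost[127.0.0.1]
Sep 2 22:50:27 tkl dovecot: imap-login: Login: user=<username>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Sep 2 22:53:53 tkl MailScanner[23035]: Commercial scanner clamav timed out!
Sep 2 22:53:53 tkl MailScanner[23035]: clamav: Failed to complete, timed out
Sep 2 22:53:53 tkl MailScanner[23035]: Virus Scanning: Denial Of Service attack detected!
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ([^:\[]+)(?:\[(\d+)\])?: (.*)$")
IP = re.compile(r"(?:rip=|\bconnect from \S*\[)(\d+\.\d+\.\d+\.\d+)")

def parse(text, year=2008):  # syslog lines carry no year; 2008 is assumed
    """Yield (timestamp, program, pid, message) for each syslog-style line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(3), m.group(4), m.group(5)

def triage(text, window=timedelta(minutes=10)):
    """For each MailScanner DoS alert, report same-PID scanner timeouts
    and the client IPs seen in the preceding window."""
    events, reports = list(parse(text)), []
    for ts, prog, pid, msg in events:
        if prog != "MailScanner" or "Denial Of Service attack detected" not in msg:
            continue
        recent = [e for e in events if ts - window <= e[0] <= ts]
        timeouts = [e[3] for e in recent
                    if e[1] == "MailScanner" and e[2] == pid and "timed out" in e[3]]
        clients = Counter(ip for e in recent for ip in IP.findall(e[3]))
        reports.append({
            "time": ts, "pid": pid, "scanner_timeouts": timeouts,
            "clients": dict(clients),
            "external_clients": sorted(ip for ip in clients if not ip.startswith("127.")),
        })
    return reports

if __name__ == "__main__":
    for report in triage(SAMPLE_LOG):
        print(report)
```

On the sample lines, the alert comes with two clamav timeouts from the same MailScanner PID and only loopback clients in the window.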

Nareau
3rd September 2008, 11:02
My server is now working perfectly well after upgrading the server to a virtual users and domains mail server as described in the howtos. However, everything had to be overwritten, thus resulting in a loss of all previous mails on the server. So if anyone ever finds a much safer and simpler solution to this, please let me know.

CleoKinoham
25th March 2009, 19:17
For DDoS protection (http://gigabitdc.com) and DDoS-protected hosting I can recommend gigabitdc.com.

plago
24th June 2009, 13:22
My server is now working perfectly well after upgrading the server to a virtual users and domains mail server as described in the howtos. However, everything had to be overwritten, thus resulting in a loss of all previous mails on the server. So if anyone ever finds a much safer and simpler solution to this, please let me know.

I recommend DDOS PROTECTED HOSTING (http://www.cybercobra.com) from Cybercobra.com. It is true DDoS-protected hosting with cheap prices, and they'll transfer your site for free if your site is under DDoS attack at this moment!