HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   General (http://www.howtoforge.com/forums/forumdisplay.php?f=25)
-   -   /var/log/maillog growing out of control -- not sure what I'm missing... (http://www.howtoforge.com/forums/showthread.php?t=46429)

NetEndeavors 8th June 2010 03:44

/var/log/maillog growing out of control -- not sure what I'm missing...
 
All,

My maillog is just growing out of control and I'm wondering what I can do to eliminate the crap messages as shown below

Thanks in advance!
Dave

Code:

Jun  7 21:36:43 morel postfix/smtpd[10373]: NOQUEUE: reject: RCPT from unknown[186.18.149.18]: 450 4.7.1 <cpe-18.149.18.186.in-addr.arpa>: Helo command rejected: Host not found; from=<stubbedc@redbrain.com> to=<g2210046@ms18.hinet.net> proto=ESMTP helo=<cpe-18.149.18.186.in-addr.arpa>
Jun  7 21:36:43 morel postfix/smtpd[10373]: NOQUEUE: reject: RCPT from unknown[186.18.149.18]: 450 4.7.1 <cpe-18.149.18.186.in-addr.arpa>: Helo command rejected: Host not found; from=<stubbedc@redbrain.com> to=<g2211@ms18.hinet.net> proto=ESMTP helo=<cpe-18.149.18.186.in-addr.arpa>
Jun  7 21:36:43 morel postfix/smtpd[10540]: NOQUEUE: reject: RCPT from unknown[112.166.173.186]: 450 4.7.1 <QFSEDRNVIK>: Helo command rejected: Host not found; from=<bowlingn@okdokay.com> to=<mail@patterson-robbins.com> proto=ESMTP helo=<QFSEDRNVIK>
Jun  7 21:36:43 morel postfix/smtpd[10373]: NOQUEUE: reject: RCPT from unknown[186.18.149.18]: 450 4.7.1 <cpe-18.149.18.186.in-addr.arpa>: Helo command rejected: Host not found; from=<stubbedc@redbrain.com> to=<g2683751@ms18.hinet.net> proto=ESMTP helo=<cpe-18.149.18.186.in-addr.arpa>
Jun  7 21:36:43 morel postfix/smtpd[10373]: NOQUEUE: reject: RCPT from unknown[186.18.149.18]: 450 4.7.1 <cpe-18.149.18.186.in-addr.arpa>: Helo command rejected: Host not found; from=<stubbedc@redbrain.com> to=<g2894@ms18.hinet.net> proto=ESMTP helo=<cpe-18.149.18.186.in-addr.arpa>
Jun  7 21:36:44 morel postfix/smtpd[10436]: NOQUEUE: reject: RCPT from unknown[186.84.129.95]: 450 4.7.1 <Dynamic-IP-1868412995.cable.net.co>: Helo command rejected: Host not found; from=<sarahc55@skepticult.org> to=<cassidy@syzygy.net> proto=ESMTP helo=<Dynamic-IP-1868412995.cable.net.co>
Jun  7 21:36:44 morel postfix/smtpd[10373]: NOQUEUE: reject: RCPT from unknown[186.18.149.18]: 450 4.7.1 <cpe-18.149.18.186.in-addr.arpa>: Helo command rejected: Host not found; from=<stubbedc@redbrain.com> to=<g2@ms18.hinet.net> proto=ESMTP helo=<cpe-18.149.18.186.in-addr.arpa>
Jun  7 21:36:44 morel postfix/smtpd[10436]: NOQUEUE: reject: RCPT from unknown[186.84.129.95]: 450 4.7.1 <Dynamic-IP-1868412995.cable.net.co>: Helo command rejected: Host not found; from=<sarahc55@skepticult.org> to=<casey@syzygy.net> proto=ESMTP helo=<Dynamic-IP-1868412995.cable.net.co>


till 8th June 2010 15:47

Looks like a spam attack. Or the DNS servers in /etc/resolv.conf are not reachable.

NetEndeavors 8th June 2010 16:40

Thanks till,

I just reconfigured and reverified my DNS settings and did nslookups on each nameserver specified.... All checked out fine there....

Any ideas what to configure to suppress these messages? Or fail2ban rules I can put in place to curtail them?

Dave

Mark_NL 8th June 2010 16:45

Looks like a spammer indeed .. might want to add some rbl checks in your config :)

just set your logrotator on daily or something, if the files tend to get to big.


All times are GMT +2. The time now is 21:24.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.