View Single Post
  #6  
Old 21st May 2013, 14:07
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,624
Thanks: 793
Thanked 4,996 Times in 3,909 Posts
Default

Quote:
Yes, you are right the mail was delivered to the same account that sent it in less than 1 minute.
Ok, thats good.

So the eror might be one of the following problems:

- Your server blocks external mail connections:

Please post the output of:

iptables -L

and

netstat -tap

- Your internet access provider which provides the internet connection to yourserver blocks port 25 or there is a router between the server and the internet whcih blocks port 25.
- There is a dns problem, e.g. the MX record does not point to the server. Test the dns record(s) of the domain with e.g. intodns:

http://www.intodns.com/

Quote:
I'm quite sure that my system has been hacked and I'm wondering if fail2ban is working properly.
The Ban / Unban messages indicate that fail2ban is working correctly, at least for SSH.

If you wnat to test it for other services you will have to use e.g. a mail client (not webmail) or a external FTP client and enter a wrong password more then 5 times.

If you think that the system has been hacked, then you should check it with rkhunter:

rkhunter --update

and then

rkhunter -c

The most important part is if there are any rootkits found. In the first part which checks the binaries you will most likely see some false positives.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote