21st May 2013, 15:07
till

Yes, you are right, the mail was delivered to the same account that sent it in less than 1 minute.
Ok, that's good.

So the error might be one of the following problems:

- Your server blocks external mail connections:

Please post the output of:

iptables -L


netstat -tap

- Your internet access provider which provides the internet connection to your server blocks port 25, or there is a router between the server and the internet which blocks port 25.
- There is a DNS problem, e.g. the MX record does not point to the server. Test the DNS record(s) of the domain with e.g. intodns:

I'm quite sure that my system has been hacked and I'm wondering if fail2ban is working properly.
The Ban / Unban messages indicate that fail2ban is working correctly, at least for SSH.

If you want to test it for other services you will have to use e.g. a mail client (not webmail) or an external FTP client and enter a wrong password more than 5 times.

If you think that the system has been hacked, then you should check it with rkhunter:

rkhunter --update

and then

rkhunter -c

The most important part is if there are any rootkits found. In the first part which checks the binaries you will most likely see some false positives.
Till Brehm
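Added example, not part of the post above: one way to read the `netstat -tap` output requested in the post is to check whether the mail daemon listens on an external address or only on loopback. The function name `smtp_listen_scope` and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Classify where the SMTP daemon listens, reading `netstat -tap` (or
# `netstat -tapn`) output on stdin. Prints: external | loopback-only | none

smtp_listen_scope() {
    awk '
        # Listening TCP sockets whose local port is 25 / "smtp"
        $1 ~ /^tcp/ && $6 == "LISTEN" && $4 ~ /:(25|smtp)$/ {
            addr = $4
            sub(/:(25|smtp)$/, "", addr)
            if (addr ~ /^127\./ || addr == "localhost" ||
                addr == "ip6-localhost" || addr == "::1" || addr == "[::1]")
                loopback = 1
            else
                external = 1      # *, 0.0.0.0, ::, [::] or a specific address
        }
        END {
            if (external)      print "external"
            else if (loopback) print "loopback-only"
            else               print "none"
        }'
}

# Constructed sample: mail server bound to loopback only.
sample_loopback() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address     Foreign Address   State       PID/Program name
tcp        0      0 localhost:smtp    *:*               LISTEN      1423/master
tcp        0      0 *:ssh             *:*               LISTEN      801/sshd
tcp        0      0 localhost:smtp    localhost:51544   ESTABLISHED 1423/master
EOF
}

# Constructed sample: mail server listening on all interfaces.
sample_external() {
cat <<'EOF'
tcp        0      0 0.0.0.0:25        0.0.0.0:*         LISTEN      1423/master
tcp6       0      0 :::25             :::*              LISTEN      1423/master
tcp        0      0 0.0.0.0:2525      0.0.0.0:*         LISTEN      2210/other
EOF
}

sample_loopback | smtp_listen_scope
sample_external | smtp_listen_scope
```

A result of `external` only means the daemon accepts connections on a non-loopback address; the `iptables -L` rules and the provider or router checks listed in the post still apply.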