Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 18th March 2012, 23:36
PermaNoob PermaNoob is offline
Senior Member
 
Join Date: Jan 2007
Posts: 194
Thanks: 12
Thanked 5 Times in 5 Posts
Default Mail server attack blocked, but still nothing in mail.err

After this attack (from mail.err.1) there is nothing in the new mail.err log, so nothing since what was written to mail.err.1 on the 15th, though I had more attacks and had to get the ip addresses from the mail.info log since nothing new was written to mail.err.

I finally got all the ip's that were attacking blocked and things are back to normal except still nothing is being written to mail.err.

What can I do to get new info written to the mail.err log?

Mar 15 04:21:46 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:46 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:46 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:46 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:46 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:46 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:46 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:47 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:47 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:47 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:47 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:47 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:47 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:47 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:47 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:47 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:47 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Reply With Quote
Sponsored Links
  #2  
Old 19th March 2012, 08:26
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

How do you block them? With iptables/route? Then the attackers don't even get to the point where anything is written to the mail error log.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 19th March 2012, 09:46
PermaNoob PermaNoob is offline
Senior Member
 
Join Date: Jan 2007
Posts: 194
Thanks: 12
Thanked 5 Times in 5 Posts
Default

Quote:
Originally Posted by falko View Post
How do you block them? With iptables/route? Then the attackers don't even get to the point where anything is written to the mail error log.
I was manually blocking them because fail2ban was not working on SASL, so there should be entries in mail.err.

Please see http://www.howtoforge.com/forums/sho...763#post275763

Last edited by PermaNoob; 19th March 2012 at 09:51.
Reply With Quote
  #4  
Old 20th March 2012, 13:48
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Waht do you mean with "manually blocking"?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 21st March 2012, 06:46
PermaNoob PermaNoob is offline
Senior Member
 
Join Date: Jan 2007
Posts: 194
Thanks: 12
Thanked 5 Times in 5 Posts
 
Default

Quote:
Originally Posted by falko View Post
Waht do you mean with "manually blocking"?
Sorry, manually adding the ip to iptables.

Anyway, on the 20th it was filled with "Maximum connection limit reached" for a single ip, so I guess it's working--I didn't realize it only logged those as errors.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Sending email issue lezelf Installation/Configuration 15 9th August 2011 11:20
postfix problem jagsler Server Operation 41 7th July 2011 14:19
installing squirrelmail on Debian with ispconfig3 saco721 Installation/Configuration 18 1st April 2011 17:57
Virtual Users+Postfix+Courier+CentOS problem telnet localhost 25 stinson HOWTO-Related Questions 11 5th February 2011 13:57
Debian 5 Ajax error + network interface always shutting down ev0css Installation/Configuration 3 5th June 2010 12:58


All times are GMT +2. The time now is 16:37.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.