Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation
Reload this Page Mail server attack blocked, but still nothing in mail.err
Register FAQ Members List Social Groups Calendar Search Today's Posts Mark Forums Read

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 18th March 2012, 23:36
PermaNoob PermaNoob is offline
Senior Member
  
Join Date: Jan 2007
Posts: 159
Thanks: 11
Thanked 4 Times in 4 Posts
Default Mail server attack blocked, but still nothing in mail.err
After this attack (from mail.err.1) there is nothing in the new mail.err log, so nothing since what was written to mail.err.1 on the 15th, though I had more attacks and had to get the ip addresses from the mail.info log since nothing new was written to mail.err.

I finally got all the ip's that were attacking blocked and things are back to normal except still nothing is being written to mail.err.

What can I do to get new info written to the mail.err log?

Mar 15 04:21:46 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:46 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:46 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:46 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:46 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:46 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:46 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:47 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:47 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:47 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:47 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:47 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:47 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:47 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:47 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:47 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Mar 15 04:21:47 server3 pop3d: Maximum connection limit reached for ::ffff:200.143.142.174
Reply With Quote
Sponsored Links
  #2  
Old 19th March 2012, 08:26
falko falko is online now
Super Moderator
  
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,685
Thanks: 1,899
Thanked 2,599 Times in 2,448 Posts
Default
How do you block them? With iptables/route? Then the attackers don't even get to the point where anything is written to the mail error log.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 19th March 2012, 09:46
PermaNoob PermaNoob is offline
Senior Member
  
Join Date: Jan 2007
Posts: 159
Thanks: 11
Thanked 4 Times in 4 Posts
Default
Quote:
Originally Posted by falko View Post
How do you block them? With iptables/route? Then the attackers don't even get to the point where anything is written to the mail error log.
I was manually blocking them because fail2ban was not working on SASL, so there should be entries in mail.err.

Please see http://www.howtoforge.com/forums/sho...763#post275763
Last edited by PermaNoob; 19th March 2012 at 09:51.
Reply With Quote
  #4  
Old 20th March 2012, 13:48
falko falko is online now
Super Moderator
  
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,685
Thanks: 1,899
Thanked 2,599 Times in 2,448 Posts
Default
Waht do you mean with "manually blocking"?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 21st March 2012, 06:46
PermaNoob PermaNoob is offline
Senior Member
  
Join Date: Jan 2007
Posts: 159
Thanks: 11
Thanked 4 Times in 4 Posts
 
Default
Quote:
Originally Posted by falko View Post
Waht do you mean with "manually blocking"?
Sorry, manually adding the ip to iptables.

Anyway, on the 20th it was filled with "Maximum connection limit reached" for a single ip, so I guess it's working--I didn't realize it only logged those as errors.
Reply With Quote
Reply

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Sending email issue lezelf Installation/Configuration 15 9th August 2011 11:20
postfix problem jagsler Server Operation 41 7th July 2011 14:19
installing squirrelmail on Debian with ispconfig3 saco721 Installation/Configuration 18 1st April 2011 17:57
Virtual Users+Postfix+Courier+CentOS problem telnet localhost 25 stinson HOWTO-Related Questions 11 5th February 2011 13:57
Debian 5 Ajax error + network interface always shutting down ev0css Installation/Configuration 3 5th June 2010 12:58


All times are GMT +2. The time now is 15:45.

Contact Us - HowtoForge - Linux Howtos and Tutorials - Archive - Top

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.