[Postfixbuch-users] [OT] fail2ban stürzt ab ???

usenet at deiszner.de usenet at deiszner.de
Do Dez 13 12:09:02 CET 2007


Ich habe die neueste stable Version von fail2ban laufen gehabt.
Eben habe ich bemerkt, das das Teil wieder abgeschmiert ist :-/

* Serverauslastung ist ok - keine Probleme zum Zeitpunkt des 'abschmierens'
* Postfix-Logfile:



Dec 12 13:45:10 v1577 postfix/smtpd[26337]: connect from 
unknown[219.159.20.53]
Dec 12 13:45:14 v1577 postfix/smtpd[26337]: NOQUEUE: reject: RCPT from 
unknown[219.159.20.53]: 504 5.5.2 <sgjcy>: Helo command rejected: need 
fully-qualified hostname; from=<qsavvk at bossierfire.com> 
to=<ich at meinedomain.de> proto=ESMTP helo=<sgjcy>
Dec 12 13:45:16 v1577 postfix/smtpd[26337]: lost connection after DATA 
from unknown[219.159.20.53]
Dec 12 13:45:16 v1577 postfix/smtpd[26337]: disconnect from 
unknown[219.159.20.53]
Dec 12 13:45:22 v1577 postfix/smtpd[26337]: connect from 
unknown[219.159.20.53]
Dec 12 13:45:27 v1577 postfix/smtpd[26337]: NOQUEUE: reject: RCPT from 
unknown[219.159.20.53]: 504 5.5.2 <sgjcy>: Helo command rejected: need 
fully-qualified hostname; from=<lkifeaovtfvy at brainkrash.com> 
to=<ich at meinedomain.de> proto=ESMTP helo=<sgjcy>
Dec 12 13:45:28 v1577 postfix/smtpd[26337]: lost connection after DATA 
from unknown[219.159.20.53]
Dec 12 13:45:28 v1577 postfix/smtpd[26337]: disconnect from 
unknown[219.159.20.53]
Dec 12 13:45:36 v1577 postfix/smtpd[26337]: connect from 
unknown[219.159.20.53]
Dec 12 13:45:38 v1577 postfix/smtpd[26323]: connect from 
unknown[121.63.188.241]
Dec 12 13:45:40 v1577 postfix/smtpd[26323]: NOQUEUE: reject: RCPT from 
unknown[121.63.188.241]: 554 5.7.1 <kela.kela.kari at memonet.fi>: Relay 
access denied; from=<susRamiro at trolltech.com> 
to=<kela.kela.kari at memonet.fi> proto=SMTP helo=<mail>
Dec 12 13:45:40 v1577 postfix/smtpd[26323]: disconnect from 
unknown[121.63.188.241]
Dec 12 13:45:40 v1577 postfix/smtpd[26337]: NOQUEUE: reject: RCPT from 
unknown[219.159.20.53]: 504 5.5.2 <sgjcy>: Helo command rejected: need 
fully-qualified hostname; from=<awbo at bomplant11.appl.ge.com> 
to=<ich at meinedomain.de> proto=ESMTP helo=<sgjcy>
Dec 12 13:45:42 v1577 postfix/smtpd[26337]: lost connection after DATA 
from unknown[219.159.20.53]
Dec 12 13:45:42 v1577 postfix/smtpd[26337]: disconnect from 
unknown[219.159.20.53]
Dec 12 13:45:50 v1577 postfix/smtpd[26323]: connect from 
unknown[219.159.20.53]
Dec 12 13:45:54 v1577 postfix/smtpd[26323]: NOQUEUE: reject: RCPT from 
unknown[219.159.20.53]: 504 5.5.2 <sgjcy>: Helo command rejected: need 
fully-qualified hostname; from=<gja at boulevardballoons.com> 
to=<ich at meinedomain.de> proto=ESMTP helo=<sgjcy>
Dec 12 13:45:56 v1577 postfix/smtpd[26323]: lost connection after DATA 
from unknown[219.159.20.53]
Dec 12 13:45:56 v1577 postfix/smtpd[26323]: disconnect from 
unknown[219.159.20.53]



* fail2ban-Logfile (ich lass das Teil schon im Debug-Modus laufen in der 
Hoffnung was zu erkennen)

2007-12-12 13:45:48,194 fail2ban.actions.action: DEBUG  iptables -n -L 
INPUT | grep -q fail2ban-postfix
2007-12-12 13:45:48,204 fail2ban.actions.action: DEBUG  iptables -n -L 
INPUT | grep -q fail2ban-postfix returned successfully
2007-12-12 13:45:48,205 fail2ban.actions.action: DEBUG  iptables -D 
fail2ban-postfix -s 84.105.54.144 -j DROP
2007-12-12 13:45:48,213 fail2ban.actions.action: DEBUG  iptables -D 
fail2ban-postfix -s 84.105.54.144 -j DROP returned successfully
2007-12-12 13:45:48,214 fail2ban.actions.action: DEBUG  iptables -D 
INPUT -p tcp -m multiport --dports smtp -j fail2ban-postfix
iptables -F fail2ban-postfix
iptables -X fail2ban-postfix
2007-12-12 13:45:48,256 fail2ban.actions.action: DEBUG  iptables -D 
INPUT -p tcp -m multiport --dports smtp -j fail2ban-postfix
iptables -F fail2ban-postfix
iptables -X fail2ban-postfix returned successfully
2007-12-12 13:45:48,256 fail2ban.actions: DEBUG  postfix: action terminated
2007-12-12 13:45:48,257 fail2ban.server.communication: DEBUG  Removed 
socket file /var/run/fail2ban.sock
2007-12-12 13:45:48,257 fail2ban.server.communication: DEBUG  Socket 
shutdown




Mehr Informationen über die Mailingliste Postfixbuch-users