[Postfixbuch-users] [OT] fail2ban crashes ???
Uwe Driessen
driessen at fblan.de
Thu Dec 13 12:18:19 CET 2007
usenet at deiszner.de wrote:
> I had the latest stable version of fail2ban running.
> I just noticed that the thing has crashed again :-/
>
> * Server load is OK - no problems at the time of the 'crash'
> * Postfix log file:
>
Possibly a V-server problem? Too many open files, or too many entries in iptables?
I cannot confirm that fail2ban crashes, and that with always around 200-400 entries
in iptables. Currently even 1700 (mostly botnet PCs) that have been a nuisance since yesterday morning.
>
>
> Dec 12 13:45:10 v1577 postfix/smtpd[26337]: connect from
> unknown[219.159.20.53]
> Dec 12 13:45:14 v1577 postfix/smtpd[26337]: NOQUEUE: reject: RCPT from
> unknown[219.159.20.53]: 504 5.5.2 <sgjcy>: Helo command rejected: need
> fully-qualified hostname; from=<qsavvk at bossierfire.com>
> to=<ich at meinedomain.de> proto=ESMTP helo=<sgjcy>
> Dec 12 13:45:16 v1577 postfix/smtpd[26337]: lost connection after DATA
> from unknown[219.159.20.53]
> Dec 12 13:45:16 v1577 postfix/smtpd[26337]: disconnect from
> unknown[219.159.20.53]
> Dec 12 13:45:22 v1577 postfix/smtpd[26337]: connect from
> unknown[219.159.20.53]
> Dec 12 13:45:27 v1577 postfix/smtpd[26337]: NOQUEUE: reject: RCPT from
> unknown[219.159.20.53]: 504 5.5.2 <sgjcy>: Helo command rejected: need
> fully-qualified hostname; from=<lkifeaovtfvy at brainkrash.com>
> to=<ich at meinedomain.de> proto=ESMTP helo=<sgjcy>
> Dec 12 13:45:28 v1577 postfix/smtpd[26337]: lost connection after DATA
> from unknown[219.159.20.53]
> Dec 12 13:45:28 v1577 postfix/smtpd[26337]: disconnect from
> unknown[219.159.20.53]
> Dec 12 13:45:36 v1577 postfix/smtpd[26337]: connect from
> unknown[219.159.20.53]
> Dec 12 13:45:38 v1577 postfix/smtpd[26323]: connect from
> unknown[121.63.188.241]
> Dec 12 13:45:40 v1577 postfix/smtpd[26323]: NOQUEUE: reject: RCPT from
> unknown[121.63.188.241]: 554 5.7.1 <kela.kela.kari at memonet.fi>: Relay
> access denied; from=<susRamiro at trolltech.com>
> to=<kela.kela.kari at memonet.fi> proto=SMTP helo=<mail>
> Dec 12 13:45:40 v1577 postfix/smtpd[26323]: disconnect from
> unknown[121.63.188.241]
> Dec 12 13:45:40 v1577 postfix/smtpd[26337]: NOQUEUE: reject: RCPT from
> unknown[219.159.20.53]: 504 5.5.2 <sgjcy>: Helo command rejected: need
> fully-qualified hostname; from=<awbo at bomplant11.appl.ge.com>
> to=<ich at meinedomain.de> proto=ESMTP helo=<sgjcy>
> Dec 12 13:45:42 v1577 postfix/smtpd[26337]: lost connection after DATA
> from unknown[219.159.20.53]
> Dec 12 13:45:42 v1577 postfix/smtpd[26337]: disconnect from
> unknown[219.159.20.53]
> Dec 12 13:45:50 v1577 postfix/smtpd[26323]: connect from
> unknown[219.159.20.53]
> Dec 12 13:45:54 v1577 postfix/smtpd[26323]: NOQUEUE: reject: RCPT from
> unknown[219.159.20.53]: 504 5.5.2 <sgjcy>: Helo command rejected: need
> fully-qualified hostname; from=<gja at boulevardballoons.com>
> to=<ich at meinedomain.de> proto=ESMTP helo=<sgjcy>
> Dec 12 13:45:56 v1577 postfix/smtpd[26323]: lost connection after DATA
> from unknown[219.159.20.53]
> Dec 12 13:45:56 v1577 postfix/smtpd[26323]: disconnect from
> unknown[219.159.20.53]
>
>
>
> * fail2ban log file (I already run the thing in debug mode in the
> hope of spotting something)
>
> 2007-12-12 13:45:48,194 fail2ban.actions.action: DEBUG iptables -n -L
> INPUT | grep -q fail2ban-postfix
> 2007-12-12 13:45:48,204 fail2ban.actions.action: DEBUG iptables -n -L
> INPUT | grep -q fail2ban-postfix returned successfully
> 2007-12-12 13:45:48,205 fail2ban.actions.action: DEBUG iptables -D
> fail2ban-postfix -s 84.105.54.144 -j DROP
> 2007-12-12 13:45:48,213 fail2ban.actions.action: DEBUG iptables -D
> fail2ban-postfix -s 84.105.54.144 -j DROP returned successfully
> 2007-12-12 13:45:48,214 fail2ban.actions.action: DEBUG iptables -D
> INPUT -p tcp -m multiport --dports smtp -j fail2ban-postfix
> iptables -F fail2ban-postfix
> iptables -X fail2ban-postfix
> 2007-12-12 13:45:48,256 fail2ban.actions.action: DEBUG iptables -D
> INPUT -p tcp -m multiport --dports smtp -j fail2ban-postfix
> iptables -F fail2ban-postfix
> iptables -X fail2ban-postfix returned successfully
> 2007-12-12 13:45:48,256 fail2ban.actions: DEBUG postfix: action terminated
> 2007-12-12 13:45:48,257 fail2ban.server.communication: DEBUG Removed
> socket file /var/run/fail2ban.sock
> 2007-12-12 13:45:48,257 fail2ban.server.communication: DEBUG Socket
> shutdown
>
Kind regards
Drießen
--
Software & Computer
Uwe Drießen
Lembergstraße 33
67824 Feilbingert
Tel.: 06708 / 660045 Fax: 06708 / 661397
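
An added example, not part of the original mail and not fail2ban's own filter code: counting Postfix `NOQUEUE: reject` events per client address, as they appear in the quoted smtpd log, after unfolding mail-quoted and wrapped log lines. The regular expressions, the `unfold` and `offenders` names, the sample host and addresses, and the year (syslog stamps carry none) are assumptions; `maxretry` and `findtime` borrow the names of fail2ban's settings.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the shape of the quoted excerpt: mail-quoted ("> "),
# folded syslog lines. Host name and addresses are placeholders.
SAMPLE = """\
> Dec 12 13:45:14 mx postfix/smtpd[101]: NOQUEUE: reject: RCPT from
> unknown[192.0.2.53]: 504 5.5.2 <abc>: Helo command rejected: need
> fully-qualified hostname; from=<a@example.com> proto=ESMTP helo=<abc>
> Dec 12 13:45:27 mx postfix/smtpd[101]: NOQUEUE: reject: RCPT from
> unknown[192.0.2.53]: 504 5.5.2 <abc>: Helo command rejected: need
> fully-qualified hostname; from=<b@example.com> proto=ESMTP helo=<abc>
> Dec 12 13:45:40 mx postfix/smtpd[102]: NOQUEUE: reject: RCPT from
> unknown[198.51.100.7]: 554 5.7.1 <x@example.net>: Relay
> access denied; from=<c@example.com> proto=SMTP helo=<mail>
> Dec 12 13:45:41 mx postfix/smtpd[101]: NOQUEUE: reject: RCPT from
> unknown[192.0.2.53]: 504 5.5.2 <abc>: Helo command rejected: need
> fully-qualified hostname; from=<d@example.com> proto=ESMTP helo=<abc>
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
REJECT = re.compile(r"^(\w{3} [ \d]\d [\d:]{8}) \S+ postfix/smtpd\[\d+\]: "
                    r"NOQUEUE: reject: RCPT from \S*\[([\d.]+)\]: \d{3} ")

def unfold(text):
    """Strip mail quoting and rejoin folded lines into one record per event."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(> ?)+", "", raw).rstrip()
        if STAMP.match(line):
            records.append(line)
        elif line and records:
            records[-1] += " " + line      # continuation of the previous record
    return records

def offenders(text, maxretry=3, findtime=600, year=2007):
    """Return {ip: time it first reached maxretry rejects within findtime s}."""
    window, hit = defaultdict(deque), {}
    for m in filter(None, map(REJECT.match, unfold(text))):
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        seen = window[m.group(2)]
        seen.append(when)
        while when - seen[0] > timedelta(seconds=findtime):
            seen.popleft()                 # drop rejects older than the window
        if len(seen) >= maxretry:
            hit.setdefault(m.group(2), when)
    return hit
```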