* mouss mo...@ml.netoyen.net:
too many users with 'a' as first letter, and machine is in the US while
OP is in UK. so either OP munged things, or his server is under attack.
anyway, as you said, not a postfix issue.
One could fail2ban the attacker :)
--
Ralf Hildebrandt
On 14 Jan 2009, at 08:52, Ralf Hildebrandt wrote:
* mouss mo...@ml.netoyen.net:
too many users with 'a' as first letter, and machine is in the US
while
OP is in UK. so either OP munged things, or his server is under
attack.
anyway, as you said, not a postfix issue.
One could fail2ban
On 1/14/2009, Rupert Reid (isingl...@madasafish.com) wrote:
What is fail2ban and how would I implement that?
Google is your friend...
--
Best regards,
Charles
Ralf Hildebrandt a écrit :
* mouss mo...@ml.netoyen.net:
too many users with 'a' as first letter, and machine is in the US while
OP is in UK. so either OP munged things, or his server is under attack.
anyway, as you said, not a postfix issue.
One could fail2ban the attacker :)
and if
mouss wrote:
and if the probes use multiple TCP connections (if the pop server
disconnects after a failure), then he can use rate limiting in his
packet filter if supported (recent in iptables, overload in pf).
here is an example using iptables recent module:
My postfix log is being inundated. What does it mean and how can I
block this ip (do I need to)?
Jan 13 15:43:28 fred ipop3d[26971]: Logout user=info host=
[209.225.189.110]
Jan 13 15:43:28 fred ipop3d[26972]: Logout user=barry host=
[209.225.189.110]
Jan 13 15:43:28 fred ipop3d[26973]:
* Rupert Reid isingl...@madasafish.com:
My postfix log is being inundated. What does it mean and how can I block
this ip (do I need to)?
That is not postfix, but ipop3d
People seem to be logging in and out. Seems normal for a mailserver,
if you ask me.
--
Ralf Hildebrandt
On Jan 13, 2009, at 10:57 AM, Rupert Reid isingl...@madasafish.com
wrote:
My postfix log is being inundated. What does it mean and how can I
block this ip (do I need to)?
Jan 13 15:43:28 fred ipop3d[26971]: Logout user=info host=[209.225.189.110
]
Jan 13 15:43:28 fred ipop3d[26972]:
Ralf Hildebrandt a écrit :
* Rupert Reid isingl...@madasafish.com:
My postfix log is being inundated. What does it mean and how can I block
this ip (do I need to)?
That is not postfix, but ipop3d
People seem to be logging in and out. Seems normal for a mailserver,
if you ask me.
too
I saw something similar to this on my mail server about 3 months ago. I ran
the ip address via whois and I was under a dictionary attack from a server
in China. I put a rule on my firewall to drop the connections from the ip
address range that was returned in the whois check and stopped it.
Guy
10 matches
Mail list logo