ispCP - Board - Support
Postfix security flood my mail log files - Printable Version


Postfix security flood my mail log files - Sity - 02-25-2011 10:28 PM

Hey there!

Several days ago I tried to look up why my log directory is getting bigger every day by more than 50 MBytes.

I found this: mail.err
Code:
Feb 25 10:48:00 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:00 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:00 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:00 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:00 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:00 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:00 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:00 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:01 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:01 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:01 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:01 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:01 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:01 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142

mail.info:
Code:
...
Feb 25 13:26:10 vps60 postfix/smtpd[11826]: warning: c-67-170-208-124.hsd1.ca.comcast.net[67.170.208.124]: SASL CRAM-MD5 authentication failed: authentication failure
Feb 25 13:26:14 vps60 postfix/smtpd[11826]: warning: SASL authentication failure: no secret in database
Feb 25 13:26:14 vps60 postfix/smtpd[11826]: warning: c-67-170-208-124.hsd1.ca.comcast.net[67.170.208.124]: SASL CRAM-MD5 authentication failed: authentication failure
Feb 25 13:26:19 vps60 postfix/smtpd[11826]: warning: SASL authentication failure: no secret in database
Feb 25 13:26:19 vps60 postfix/smtpd[11826]: warning: c-67-170-208-124.hsd1.ca.comcast.net[67.170.208.124]: SASL CRAM-MD5 authentication failed: authentication failure
Feb 25 13:26:24 vps60 postfix/smtpd[11826]: warning: SASL authentication failure: no secret in database
Feb 25 13:26:24 vps60 postfix/smtpd[11826]: warning: c-67-170-208-124.hsd1.ca.comcast.net[67.170.208.124]: SASL CRAM-MD5 authentication failed: authentication failure
Feb 25 13:26:26 vps60 postfix/smtpd[11826]: too many errors after AUTH from c-67-170-208-124.hsd1.ca.comcast.net[67.170.208.124]
Feb 25 13:26:26 vps60 postfix/smtpd[11826]: disconnect from c-67-170-208-124.hsd1.ca.comcast.net[67.170.208.124]
Feb 25 13:26:27 vps60 postfix/smtpd[11826]: connect from c-67-170-208-124.hsd1.ca.comcast.net[67.170.208.124]
Feb 25 13:26:28 vps60 postfix/smtpd[11826]: warning: SASL authentication failure: no secret in database
Feb 25 13:26:28 vps60 postfix/smtpd[11826]: warning: c-67-170-208-124.hsd1.ca.comcast.net[67.170.208.124]: SASL CRAM-MD5 authentication failed: authentication failure
Feb 25 13:26:29 vps60 postfix/smtpd[11826]: warning: SASL authentication failure: no secret in database
...

Several rows every second. Similar results in mail.info, mail.log and mail.warn also.

Is there a way to deny this?


RE: Postfix security flood my mail log files - mydebians - 02-26-2011 05:13 PM

Hi, ban it with iptables.


RE: Postfix security flood my mail log files - Sity - 02-28-2011 08:07 PM

That's not the point. The server allows several attempts for one IP... Then the robot changes IP and starts attempting again.


RE: Postfix security flood my mail log files - mydebians - 03-01-2011 12:26 AM

OK, then install fail2ban!
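
An added example, not part of the thread and not fail2ban's own code: a sketch of the per-address counting that a log-watching ban tool relies on, run over constructed lines in the format of the mail.err and mail.info excerpts above. The function name `offenders`, the parameters `max_retry` and `find_time`, the `year` default (syslog lines carry no year) and the documentation-range addresses are all assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines modelled on the excerpts in the first post
# (documentation-range addresses, not real hosts).
SAMPLE_LOG = """\
Feb 25 13:26:10 vps60 postfix/smtpd[11826]: warning: unknown[203.0.113.7]: SASL CRAM-MD5 authentication failed: authentication failure
Feb 25 13:26:14 vps60 postfix/smtpd[11826]: warning: unknown[203.0.113.7]: SASL CRAM-MD5 authentication failed: authentication failure
Feb 25 13:26:19 vps60 postfix/smtpd[11826]: warning: unknown[203.0.113.7]: SASL CRAM-MD5 authentication failed: authentication failure
Feb 25 13:26:20 vps60 postfix/smtpd[11901]: warning: unknown[198.51.100.9]: SASL LOGIN authentication failed: authentication failure
Feb 25 13:26:26 vps60 postfix/smtpd[11826]: disconnect from unknown[203.0.113.7]
Feb 25 13:40:00 vps60 postfix/smtpd[11901]: warning: unknown[198.51.100.9]: SASL LOGIN authentication failed: authentication failure
Feb 25 13:41:00 vps60 pop3d: Maximum connection limit reached for ::ffff:192.0.2.44
Feb 25 13:41:00 vps60 pop3d: Maximum connection limit reached for ::ffff:192.0.2.44
Feb 25 13:41:01 vps60 pop3d: Maximum connection limit reached for ::ffff:192.0.2.44
"""

# One pattern per log message type seen in the thread; each captures the client IPv4.
PATTERNS = [
    re.compile(r"postfix/smtpd\[\d+\]: warning: \S+\[(?P<ip>[\d.]+)\]: SASL \S+ authentication failed"),
    re.compile(r"pop3d: Maximum connection limit reached for (?:::ffff:)?(?P<ip>[\d.]+)"),
]

def offenders(log_text, max_retry=3, find_time=600, year=2011):
    """Return sorted IPs with >= max_retry matching lines inside find_time seconds."""
    window = defaultdict(deque)   # ip -> timestamps still inside the sliding window
    flagged = set()
    for line in log_text.splitlines():
        for pat in PATTERNS:
            m = pat.search(line)
            if not m:
                continue
            # The syslog timestamp is the first 15 characters and has no year.
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            hits = window[m.group("ip")]
            hits.append(ts)
            # Drop hits that have aged out of the window before counting.
            while ts - hits[0] > timedelta(seconds=find_time):
                hits.popleft()
            if len(hits) >= max_retry:
                flagged.add(m.group("ip"))
            break
    return sorted(flagged)
```

Because the count is kept per address, a client that switches to a new IP starts a fresh window, so each new address is flagged once it reaches the threshold rather than needing a manual iptables rule.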