Current time: 12-28-2024, 08:45 PM Hello There, Guest! (LoginRegister)


Post Reply 
Postfix security flood my mail log files
Author Message
Sity Offline


Posts: 4
Joined: Feb 2011
Reputation: 0
Post: #1
Postfix security flood my mail log files
Hey there!

Several days ago I tried to look up why is my log directory bigger at every day by more than 50 MBytes.. Smile

I found this: mail.err
Code:
Feb 25 10:48:00 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:00 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:00 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:00 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:00 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:00 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:00 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:00 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:01 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:01 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:01 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:01 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:01 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142
Feb 25 10:48:01 vps60 pop3d: Maximum connection limit reached for ::ffff:96.53.77.142

mail.info:
Code:
...
Feb 25 13:26:10 vps60 postfix/smtpd[11826]: warning: c-67-170-208-124.hsd1.ca.comcast.net[67.170.208.124]: SASL CRAM-MD5 authentication failed: authentication failure
Feb 25 13:26:14 vps60 postfix/smtpd[11826]: warning: SASL authentication failure: no secret in database
Feb 25 13:26:14 vps60 postfix/smtpd[11826]: warning: c-67-170-208-124.hsd1.ca.comcast.net[67.170.208.124]: SASL CRAM-MD5 authentication failed: authentication failure
Feb 25 13:26:19 vps60 postfix/smtpd[11826]: warning: SASL authentication failure: no secret in database
Feb 25 13:26:19 vps60 postfix/smtpd[11826]: warning: c-67-170-208-124.hsd1.ca.comcast.net[67.170.208.124]: SASL CRAM-MD5 authentication failed: authentication failure
Feb 25 13:26:24 vps60 postfix/smtpd[11826]: warning: SASL authentication failure: no secret in database
Feb 25 13:26:24 vps60 postfix/smtpd[11826]: warning: c-67-170-208-124.hsd1.ca.comcast.net[67.170.208.124]: SASL CRAM-MD5 authentication failed: authentication failure
Feb 25 13:26:26 vps60 postfix/smtpd[11826]: too many errors after AUTH from c-67-170-208-124.hsd1.ca.comcast.net[67.170.208.124]
Feb 25 13:26:26 vps60 postfix/smtpd[11826]: disconnect from c-67-170-208-124.hsd1.ca.comcast.net[67.170.208.124]
Feb 25 13:26:27 vps60 postfix/smtpd[11826]: connect from c-67-170-208-124.hsd1.ca.comcast.net[67.170.208.124]
Feb 25 13:26:28 vps60 postfix/smtpd[11826]: warning: SASL authentication failure: no secret in database
Feb 25 13:26:28 vps60 postfix/smtpd[11826]: warning: c-67-170-208-124.hsd1.ca.comcast.net[67.170.208.124]: SASL CRAM-MD5 authentication failed: authentication failure
Feb 25 13:26:29 vps60 postfix/smtpd[11826]: warning: SASL authentication failure: no secret in database
...

Several rows every each second.. Similar results in mail.info, mail.log and mail.warn also.

Is there a way to denny this?
02-25-2011 10:28 PM
Find all posts by this user Quote this message in a reply
mydebians Offline
Junior Member
*

Posts: 27
Joined: Apr 2007
Reputation: 0
Post: #2
RE: Postfix security flood my mail log files
HI ban it with iptables
02-26-2011 05:13 PM
Find all posts by this user Quote this message in a reply
Sity Offline


Posts: 4
Joined: Feb 2011
Reputation: 0
Post: #3
RE: Postfix security flood my mail log files
That's not a point.. Server allows several attempts for one IP... Then the robot change IP and start attempting again
02-28-2011 08:07 PM
Find all posts by this user Quote this message in a reply
mydebians Offline
Junior Member
*

Posts: 27
Joined: Apr 2007
Reputation: 0
Post: #4
RE: Postfix security flood my mail log files
Ok, then install fail2ban !
03-01-2011 12:26 AM
Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 2 Guest(s)