[Postfixbuch-users] [OT] fail2ban stürzt ab ???
usenet at deiszner.de
usenet at deiszner.de
Do Dez 13 12:09:02 CET 2007
Ich habe die neueste stable Version von fail2ban laufen gehabt.
Eben habe ich bemerkt, das das Teil wieder abgeschmiert ist :-/
* Serverauslastung ist ok - keine Probleme zum Zeitpunkt des 'abschmierens'
* Postfix-Logfile:
Dec 12 13:45:10 v1577 postfix/smtpd[26337]: connect from
unknown[219.159.20.53]
Dec 12 13:45:14 v1577 postfix/smtpd[26337]: NOQUEUE: reject: RCPT from
unknown[219.159.20.53]: 504 5.5.2 <sgjcy>: Helo command rejected: need
fully-qualified hostname; from=<qsavvk at bossierfire.com>
to=<ich at meinedomain.de> proto=ESMTP helo=<sgjcy>
Dec 12 13:45:16 v1577 postfix/smtpd[26337]: lost connection after DATA
from unknown[219.159.20.53]
Dec 12 13:45:16 v1577 postfix/smtpd[26337]: disconnect from
unknown[219.159.20.53]
Dec 12 13:45:22 v1577 postfix/smtpd[26337]: connect from
unknown[219.159.20.53]
Dec 12 13:45:27 v1577 postfix/smtpd[26337]: NOQUEUE: reject: RCPT from
unknown[219.159.20.53]: 504 5.5.2 <sgjcy>: Helo command rejected: need
fully-qualified hostname; from=<lkifeaovtfvy at brainkrash.com>
to=<ich at meinedomain.de> proto=ESMTP helo=<sgjcy>
Dec 12 13:45:28 v1577 postfix/smtpd[26337]: lost connection after DATA
from unknown[219.159.20.53]
Dec 12 13:45:28 v1577 postfix/smtpd[26337]: disconnect from
unknown[219.159.20.53]
Dec 12 13:45:36 v1577 postfix/smtpd[26337]: connect from
unknown[219.159.20.53]
Dec 12 13:45:38 v1577 postfix/smtpd[26323]: connect from
unknown[121.63.188.241]
Dec 12 13:45:40 v1577 postfix/smtpd[26323]: NOQUEUE: reject: RCPT from
unknown[121.63.188.241]: 554 5.7.1 <kela.kela.kari at memonet.fi>: Relay
access denied; from=<susRamiro at trolltech.com>
to=<kela.kela.kari at memonet.fi> proto=SMTP helo=<mail>
Dec 12 13:45:40 v1577 postfix/smtpd[26323]: disconnect from
unknown[121.63.188.241]
Dec 12 13:45:40 v1577 postfix/smtpd[26337]: NOQUEUE: reject: RCPT from
unknown[219.159.20.53]: 504 5.5.2 <sgjcy>: Helo command rejected: need
fully-qualified hostname; from=<awbo at bomplant11.appl.ge.com>
to=<ich at meinedomain.de> proto=ESMTP helo=<sgjcy>
Dec 12 13:45:42 v1577 postfix/smtpd[26337]: lost connection after DATA
from unknown[219.159.20.53]
Dec 12 13:45:42 v1577 postfix/smtpd[26337]: disconnect from
unknown[219.159.20.53]
Dec 12 13:45:50 v1577 postfix/smtpd[26323]: connect from
unknown[219.159.20.53]
Dec 12 13:45:54 v1577 postfix/smtpd[26323]: NOQUEUE: reject: RCPT from
unknown[219.159.20.53]: 504 5.5.2 <sgjcy>: Helo command rejected: need
fully-qualified hostname; from=<gja at boulevardballoons.com>
to=<ich at meinedomain.de> proto=ESMTP helo=<sgjcy>
Dec 12 13:45:56 v1577 postfix/smtpd[26323]: lost connection after DATA
from unknown[219.159.20.53]
Dec 12 13:45:56 v1577 postfix/smtpd[26323]: disconnect from
unknown[219.159.20.53]
* fail2ban-Logfile (ich lass das Teil schon im Debug-Modus laufen in der
Hoffnung was zu erkennen)
2007-12-12 13:45:48,194 fail2ban.actions.action: DEBUG iptables -n -L
INPUT | grep -q fail2ban-postfix
2007-12-12 13:45:48,204 fail2ban.actions.action: DEBUG iptables -n -L
INPUT | grep -q fail2ban-postfix returned successfully
2007-12-12 13:45:48,205 fail2ban.actions.action: DEBUG iptables -D
fail2ban-postfix -s 84.105.54.144 -j DROP
2007-12-12 13:45:48,213 fail2ban.actions.action: DEBUG iptables -D
fail2ban-postfix -s 84.105.54.144 -j DROP returned successfully
2007-12-12 13:45:48,214 fail2ban.actions.action: DEBUG iptables -D
INPUT -p tcp -m multiport --dports smtp -j fail2ban-postfix
iptables -F fail2ban-postfix
iptables -X fail2ban-postfix
2007-12-12 13:45:48,256 fail2ban.actions.action: DEBUG iptables -D
INPUT -p tcp -m multiport --dports smtp -j fail2ban-postfix
iptables -F fail2ban-postfix
iptables -X fail2ban-postfix returned successfully
2007-12-12 13:45:48,256 fail2ban.actions: DEBUG postfix: action terminated
2007-12-12 13:45:48,257 fail2ban.server.communication: DEBUG Removed
socket file /var/run/fail2ban.sock
2007-12-12 13:45:48,257 fail2ban.server.communication: DEBUG Socket
shutdown
Mehr Informationen über die Mailingliste Postfixbuch-users