[xmail] XMail under attack - failed pop3 logins
I've not seen this before today but XMail fell over during a pop3 password attack. pop3 connections at firewall Feb 10 05:00-06:00 0 Feb 10 06:00-07:00 1161 Feb 10 07:00-08:00 9851 Feb 10 08:00-09:00 248 Feb 10 09:00-10:00 0 Pop3 log on one server has 4987 entries all ELOGIN but nothing else. Second server on network has 3 similar entries from Feb 6. Can I just add offending source ip range to spammers.tab or is it best to block at firewall? I believe firewall can block on connection rate so might investigate that. David ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] XMail under attack - failed pop3 logins
Add ip-adress to firewall better. Dmitriy 10.02.2010 17:55, David Lord пишет: I've not seen this before today but XMail fell over during a pop3 password attack. pop3 connections at firewall Feb 10 05:00-06:00 0 Feb 10 06:00-07:00 1161 Feb 10 07:00-08:00 9851 Feb 10 08:00-09:00 248 Feb 10 09:00-10:00 0 Pop3 log on one server has 4987 entries all ELOGIN but nothing else. Second server on network has 3 similar entries from Feb 6. Can I just add offending source ip range to spammers.tab or is it best to block at firewall? I believe firewall can block on connection rate so might investigate that. David ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] Cannot relay - 1.26
Hi Davide, I cannot try it on 32 bit hardware - sun4u is more than 10 years old, and all Sun is 64 bit from Solaris 7. With the exactly same environment, on both x64 and SPARC, I got different results - x64 relay, risc does not. I tried with both sfw and usr/local gcc environments, and both builds does the same relay error, but only on SPARC. All builds just 32 bit, as I still do not have OpenSSL as 64 bit. Environment with GCC 3.4.6 / Gnu Make 3.81: CFLAGS=-I/usr/local/ssl/include LDFLAGS=-L/usr/local/ssl/lib PATH=/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/ssl/bin LD_LIBRARY_PATH=/usr/lib:/usr/local/lib:/usr/local/ssl/lib INCLUDE=/usr/include:/usr/local/include:/usr/local/ssl/include OK, Big Endian vs. Little Endian might be a clue. Did you try on a SPARC 32 Solaris boxen? - Davide ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] XMail under attack - failed pop3 logins
On 10 Feb 2010 at 8:17, Davide Libenzi wrote: On Wed, 10 Feb 2010, David Lord wrote: I've not seen this before today but XMail fell over during a pop3 password attack. pop3 connections at firewall Feb 10 05:00-06:00 0 Feb 10 06:00-07:00 1161 Feb 10 07:00-08:00 9851 Feb 10 08:00-09:00 248 Feb 10 09:00-10:00 0 Pop3 log on one server has 4987 entries all ELOGIN but nothing else. Second server on network has 3 similar entries from Feb 6. Can I just add offending source ip range to spammers.tab or is it best to block at firewall? I believe firewall can block on connection rate so might investigate that. Firewall is better suited for things like that. That $hit does not even bother your server, in that way. A couple of /8 blocks added as I was setting off out for afternoon when I spotted the problem. Are attacks on pop3 something recent, or have I just been lucky? Cheers David ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] XMail under attack - failed pop3 logins
On Wed, 10 Feb 2010, David Lord wrote: On 10 Feb 2010 at 8:17, Davide Libenzi wrote: On Wed, 10 Feb 2010, David Lord wrote: I've not seen this before today but XMail fell over during a pop3 password attack. pop3 connections at firewall Feb 10 05:00-06:00 0 Feb 10 06:00-07:00 1161 Feb 10 07:00-08:00 9851 Feb 10 08:00-09:00 248 Feb 10 09:00-10:00 0 Pop3 log on one server has 4987 entries all ELOGIN but nothing else. Second server on network has 3 similar entries from Feb 6. Can I just add offending source ip range to spammers.tab or is it best to block at firewall? I believe firewall can block on connection rate so might investigate that. Firewall is better suited for things like that. That $hit does not even bother your server, in that way. A couple of /8 blocks added as I was setting off out for afternoon when I spotted the problem. Are attacks on pop3 something recent, or have I just been lucky? No, I saw them too recently. I've setup a connection throttling with iptables. - Davide ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] Cannot relay - 1.26
On Wed, 10 Feb 2010, Zilon X wrote: Hi Davide, I cannot try it on 32 bit hardware - sun4u is more than 10 years old, and all Sun is 64 bit from Solaris 7. With the exactly same environment, on both x64 and SPARC, I got different results - x64 relay, risc does not. I tried with both sfw and usr/local gcc environments, and both builds does the same relay error, but only on SPARC. All builds just 32 bit, as I still do not have OpenSSL as 64 bit. Environment with GCC 3.4.6 / Gnu Make 3.81: CFLAGS=-I/usr/local/ssl/include LDFLAGS=-L/usr/local/ssl/lib PATH=/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/ssl/bin LD_LIBRARY_PATH=/usr/lib:/usr/local/lib:/usr/local/ssl/lib INCLUDE=/usr/include:/usr/local/include:/usr/local/ssl/include How did you specify the network? Like this? X.Y.Z.W A.B.C.D Or like this? X.Y.Z.W/N - Davide ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
[xmail] Orphaned messages in the spool directory
Hi all... I recently changed my spool split level back to the default - I had previously set it higher but now I realise that setting it higher probably wasn't helping. Now I have found that I have a lot of messages that are sitting in the old spool directories, and XMail is not doing anything with them. What can I do about these messages? Thanks, Matt ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] Orphaned messages in the spool directory
On Thu, 11 Feb 2010, Matt Parlane wrote: Hi all... I recently changed my spool split level back to the default - I had previously set it higher but now I realise that setting it higher probably wasn't helping. Now I have found that I have a lot of messages that are sitting in the old spool directories, and XMail is not doing anything with them. What can I do about these messages? Move those files into the proper subdirectories (cust, mess, slog, ...) of 0/0 and restart. - Davide ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] Orphaned messages in the spool directory
On Thu, Feb 11, 2010 at 2:26 PM, Davide Libenzi davi...@xmailserver.org wrote: Move those files into the proper subdirectories (cust, mess, slog, ...) of 0/0 and restart. Thanks Davide, that worked a treat. Matt ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail