Mark Weaver wrote:
Ok, let's get basic.
On Wednesday 15 January 2003 11:30 am, Tibbetts, Ric scribbled nervously:
Mark Weaver wrote:
On Wednesday 15 January 2003 10:57 am, Tibbetts, Ric scribbled nervously:
Sheesh! NOW, the server (firewall side) is just bulk rejecting ALL connections (again!). It considers any incoming mail as a SYN attack, and rejects it! (egads! I'm getting tired of this chase!). I thought I had this sorted out...
/var/log/messages is being filled with messages like:
[snip]
It's all incoming mail, that is not coming in!
Any thoughts on WHY it would interpret all incoming connections as an attack? Anything not already blocked is interpreted as a SYN attack, and is rejected, and added to the list....
Thanks!
Ric
Ric, do yourself a huge favor and turn off and uninstall PortSentry. He's a tired old man with a serious bladder control problem. he sh*ts himself from time to time as well. do that and you should be feeling a lot better.
I shut it off when it started puking like that. Then I cleaned out /etc/hosts/deny. But it's still not accepting any connections, it's just quieter about it. It's just not receiving anything.
When it did this the other day, xinetd was down. I checked that... all's well there. It's running.
this is really getting frustrating! If I were 3000 miles closer, I'd shoot the thing between its transistors, and rebuild it. But I'm just a bit too far away for that.
I can still ssh in, so at least I can work on it. But I'm lost as to why it started doing this again... It was fine, up until about a half hour ago.. Then it just stopped receiving connections. There's nothing in the logs..
I even tried the M$ method: Reboot.. no joy. It didn't help. And stopping portsentry doesn't make any difference.
It's not the mail system either. I reverted back to the pre-spam filter version. That didn't make any difference. It's just started rejecting all connections.
gotta be a reason....
Ric
well...this sounds horribly familiar, so I'll set to work trying to recall what it was I was doing when this happened to me, and how I handled the situation. damned thing of it I should have kept up my journal of that period. there was a time when everything I touched on that machine turned to crap! it's not so bad now 'cause I've had a lot of practice. :) don't worry though...it'll come to me...eventually.
It was running when I first checked on it this morning.
The spam filter was tight, so I loosened that up a little (pure postfix config file stuff. NO systems level stuff).
Then I restarted postfix, and the server stopped receiving connections.
I rebooted.
Then portsentry went crazy on the reporting, and started rejecting every incoming mail connection. (actually, I suspect that they were being rejected anyway, there was no new mail coming in before that).
The last time it started acting like that, xinetd wasn't running.
This time it is.
The firewall is up.
iptables is running.
postfix is up.
I can "send" mail from it, and users from inside that network can pass through it, so masq'ing is working right.
Why is it rejecting ALL incoming e-Mail connections?
And ONLY incoming e-Mail connections. I can ssh in, and the web server is running, and allows connections...
But any incoming e-Mail is interpreted as an attack, and rejected.
Where is this coming from?!?! (portsentry is shut off. But I've been running it a very long time. I've seldom found it the source of the problem, on the messenger. Without it, I feel like I'm running a bit blind...)
Any thoughts? Suggestions on where to look?
WAGs?
This server has been a super reliable server for the past 3 years. It's been on 8.1 for a year or so, and has never caused any problems.
Now all the sudden... I can't keep it running...
HELP!
Ric
------------------------------------------------------------------------
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
