Hello Len,
>57 doesn't sound like it's maxed. if you have 50, command will show 51,
>100 shows 101. but 57 sounds like a lot anyway.
>the max smtpd processes are on the first line:
Mine is 100.
>these commands will show you the IP and PTRs that are connecting today:
>awk '/smtpd.* connect from/{ print $8}' /var/log/maillog | sort -f | uniq -ic | sort -rf | less
These are the top 10:
3595 ns.scbbs-bo.com[200.112.193.1] (my IMail box)
3106 unknown[200.85.128.10] (This IP and the 4th are the same, together
their total is 5255, almost 4 connections per minute. Seven days ago
they connected 3846 times during the day. The IP belongs to an SMTP
server from another ISP in town. So I guess I should consider it
normal...)
2335 bogus.localmail.sera-bo.com[200.58.170.174] (a customer that checks
mail very often)
2149 cli10.unete.com.bo[200.85.128.10] (same as the 2nd)
1226 manager.scbbs-bo.com[200.112.193.21] (my WhatsUp monitoring server,
checks IMGate once per minute)
969 gretel.pobox.com[208.210.125.56]
895 channelnewsasia.com.sg[202.172.227.115]
510 list.cashculture.com[217.158.42.150]
455 ns3971.ovh.net[213.186.41.126]
414 ghost.pobox.com[208.210.125.55]
>also, in pflogsumm report, look at the section for smtpd statistics to see
>how many connections/hour, how many seconds/smtp_session.
Per-Hour SMTPD Connection Summary
hour       connections  time conn.  avg./conn.  max. time
--------------------------------------------------------------------
0000-0100         1682     2:47:10          6s       330s
0100-0200         1402     3:00:38          8s       342s
0200-0300         1295     2:21:08          7s       327s
0300-0400         1341     2:27:50          7s       330s
0400-0500         1342     2:49:17          8s       328s
0500-0600         1354     2:48:09          7s       332s
0600-0700         1367     2:34:30          7s       468s
0700-0800         1327     2:43:05          7s       336s
0800-0900         1829     3:09:37          6s       329s
0900-1000         1888     3:47:36          7s       997s
1000-1100         2160     4:20:38          7s       339s
1100-1200          232     1:15:45         20s       984s
(The first attack happened at 11:06 until 13:51, that's why the connections went down)
1300-1400          900     1:36:21          6s        70s
1400-1500         2726     7:37:26         10s      1275s
1500-1600         2409     6:05:04          9s       342s
1600-1700         2278     6:47:28         11s      1079s
1700-1800         1890     4:36:55          9s       349s
(Second attack at 17:46 until 18:01)
1800-1900         2489     7:36:52         11s       653s
(Third attack between 18:32 and 18:40)
1900-2000         2090     4:13:30          7s       650s
2000-2100         2018     4:23:45          8s       569s
(Fourth attack between 20:07 and 20:18)
2100-2200         1101     4:05:31         13s       553s
2200-2300         1222    17:40:20         52s       682s
2300-2400         1517     3:39:54          9s       333s
>and then look at same report for a day last week.
Report from seven days ago:
Per-Hour SMTPD Connection Summary
hour       connections  time conn.  avg./conn.  max. time
--------------------------------------------------------------------
0000-0100         1288     2:52:01          8s       357s
0100-0200         1199     2:22:41          7s       333s
0200-0300         1249     3:12:19          9s       329s
0300-0400         1183     2:46:02          8s       366s
0400-0500         1284     3:11:31          9s       358s
0500-0600         1767     4:14:05          9s       340s
0600-0700         1343     3:49:19         10s       454s
0700-0800         1459     3:15:45          8s       815s
0800-0900         1670     3:08:44          7s       244s
0900-1000         2026     4:39:32          8s       590s
1000-1100         2093     8:50:18         15s       755s
1100-1200         2000    10:43:57         19s       782s
1200-1300         1859     9:49:28         19s       922s
1300-1400         1731     9:16:59         19s       332s
1400-1500         2050     7:47:07         14s       248s
1500-1600         2140     8:51:29         15s       596s
1600-1700         2038     9:48:49         17s       327s
1700-1800         2209    10:01:00         16s       354s
1800-1900         1960     7:46:30         14s       470s
1900-2000         2587     6:33:48          9s       519s
2000-2100         1788     4:35:31          9s       406s
2100-2200         1669     4:21:24          9s       465s
2200-2300         1700     3:50:15          8s       331s
2300-2400         1366     2:34:41          7s       331s
Adolfo Justiniano
Santa Cruz BBS
e-mail: [EMAIL PROTECTED]
http://www.scbbs.net