Hi Tony, i have a script counting authentification errors from ip-addresses. If an address appears more then my threshhold it is blocked vi iptables. The log where I count ist he usual maillog.
Andreas -----Ursprüngliche Nachricht----- Von: jin&hitman&Barracuda [mailto:jinhit...@gmail.com] Gesendet: Freitag, 29. Dezember 2017 15:59 An: qmailtoaster-list@qmailtoaster.com Betreff: Re: [qmailtoaster] connection issues again. Hi Remo Are using some kind of autonomous app/scrpt to block them ? If so, what kind of app/script are you using for drop them ? On 29 Dec 2017 5:19 p.m., "Remo Mattei" <r...@mattei.org> wrote: Yes I created some rules based on connection time like 30 sec 5 min 30 min etc. Dropped them. Il giorno 29 dic 2017, alle ore 06:07, Solo <s...@privat.dk> ha scritto: Hi Tony. Yes I see a lot - in my logs I think it's those spammers that tries to connect to Your server using a lot of different names and end up getting refused by vpopmail - se my logwatch file below (all ip addresses match log entries in maillog and vpopmail) --------------------- vpopmail Begin ------------------------ No Such User Found: 4f3c5634.2010906@ - 1 Time(s) abc@ - 1 Time(s) ada@ - 1 Time(s) agenda@ - 1 Time(s) am@ - 1 Time(s) benson@ - 1 Time(s) biblioteca@ - 1 Time(s) caja@ - 1 Time(s) careers@ - 1 Time(s) and so on they time out usually. Others! correct if I'm wrong... Regards, Finn Von B > Den 29-12-2017 kl. 14:40 skrev Tony White: > Hi folks, > Is anyone else seeing a single ip connecting hundreds even thousands > of times but never sending any mail? I end up blocking these using iptables > but I do not understand why it is happening. > > TIA > > Example > 2017-12-30 00:31:31.653614500 tcpserver: status: 2/100 > 2017-12-30 00:31:31.653753500 tcpserver: pid 31242 from 114.229.162.93 > 2017-12-30 00:31:31.653820500 tcpserver: ok 31242 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62277 > 2017-12-30 00:31:32.581728500 tcpserver: end 31242 status 0 > 2017-12-30 00:31:32.581729500 tcpserver: status: 1/100 > 2017-12-30 00:31:32.872455500 tcpserver: status: 2/100 > 2017-12-30 00:31:32.872564500 tcpserver: pid 31246 from 114.229.162.93 > 2017-12-30 00:31:32.872611500 tcpserver: ok 31246 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62369 > 2017-12-30 00:31:33.862860500 tcpserver: end 31246 status 0 > 2017-12-30 00:31:33.862861500 tcpserver: status: 1/100 > 2017-12-30 00:31:34.375021500 tcpserver: status: 2/100 > 2017-12-30 00:31:34.375022500 tcpserver: pid 31248 from 114.229.162.93 > 2017-12-30 00:31:34.375056500 tcpserver: ok 31248 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62461 > 2017-12-30 00:31:35.326643500 tcpserver: end 31248 status 0 > 2017-12-30 00:31:35.326645500 tcpserver: status: 1/100 > 2017-12-30 00:31:35.717309500 tcpserver: status: 2/100 > 2017-12-30 00:31:35.717443500 tcpserver: pid 31252 from 114.229.162.93 > 2017-12-30 00:31:35.717508500 tcpserver: ok 31252 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62563 > 2017-12-30 00:31:36.657366500 tcpserver: end 31252 status 0 > 2017-12-30 00:31:36.657368500 tcpserver: status: 1/100 > 2017-12-30 00:31:37.007733500 tcpserver: status: 2/100 > 2017-12-30 00:31:37.007904500 tcpserver: pid 31254 from 114.229.162.93 > 2017-12-30 00:31:37.007983500 tcpserver: ok 31254 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62637 > 2017-12-30 00:31:37.914884500 tcpserver: end 31254 status 0 > 2017-12-30 00:31:37.914885500 tcpserver: status: 1/100 > 2017-12-30 00:31:38.215151500 tcpserver: status: 2/100 > 2017-12-30 00:31:38.215252500 tcpserver: pid 31259 from 114.229.162.93 > 2017-12-30 00:31:38.215296500 tcpserver: ok 31259 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62738 > 2017-12-30 00:31:39.110484500 tcpserver: end 31259 status 0 > 2017-12-30 00:31:39.110485500 tcpserver: status: 1/100 > 2017-12-30 00:31:39.433288500 tcpserver: status: 2/100 > 2017-12-30 00:31:39.433302500 tcpserver: pid 31261 from 114.229.162.93 > 2017-12-30 00:31:39.433357500 tcpserver: ok 31261 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62831 > 2017-12-30 00:31:40.316270500 tcpserver: end 31261 status 0 > 2017-12-30 00:31:40.316271500 tcpserver: status: 1/100 > 2017-12-30 00:31:40.615598500 tcpserver: status: 2/100 > 2017-12-30 00:31:40.615698500 tcpserver: pid 31271 from 114.229.162.93 > 2017-12-30 00:31:40.615766500 tcpserver: ok 31271 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::62924 > 2017-12-30 00:31:41.496972500 tcpserver: end 31271 status 0 > 2017-12-30 00:31:41.496973500 tcpserver: status: 1/100 > 2017-12-30 00:31:41.873223500 tcpserver: status: 2/100 > 2017-12-30 00:31:41.873326500 tcpserver: pid 31273 from 114.229.162.93 > 2017-12-30 00:31:41.873371500 tcpserver: ok 31273 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::63007 > 2017-12-30 00:31:42.828193500 tcpserver: end 31273 status 0 > 2017-12-30 00:31:42.828194500 tcpserver: status: 1/100 > 2017-12-30 00:31:43.135644500 tcpserver: status: 2/100 > 2017-12-30 00:31:43.135749500 tcpserver: pid 31277 from 114.229.162.93 > 2017-12-30 00:31:43.135794500 tcpserver: ok 31277 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::63093 > 2017-12-30 00:31:44.067442500 tcpserver: end 31277 status 0 > 2017-12-30 00:31:44.067443500 tcpserver: status: 1/100 > 2017-12-30 00:31:44.362100500 tcpserver: status: 2/100 > 2017-12-30 00:31:44.362188500 tcpserver: pid 31282 from 114.229.162.93 > 2017-12-30 00:31:44.362231500 tcpserver: ok 31282 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::63184 > 2017-12-30 00:31:45.274625500 tcpserver: end 31282 status 0 > 2017-12-30 00:31:45.274626500 tcpserver: status: 1/100 > 2017-12-30 00:31:45.574491500 tcpserver: status: 2/100 > 2017-12-30 00:31:45.574579500 tcpserver: pid 31293 from 114.229.162.93 > 2017-12-30 00:31:45.574625500 tcpserver: ok 31293 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::63270 > 2017-12-30 00:31:46.464235500 tcpserver: end 31293 status 0 > 2017-12-30 00:31:46.464236500 tcpserver: status: 1/100 > 2017-12-30 00:31:46.773361500 tcpserver: status: 2/100 > 2017-12-30 00:31:46.773362500 tcpserver: pid 31298 from 114.229.162.93 > 2017-12-30 00:31:46.773363500 tcpserver: ok 31298 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::63351 > 2017-12-30 00:31:47.659727500 tcpserver: end 31298 status 0 > 2017-12-30 00:31:47.659728500 tcpserver: status: 1/100 > 2017-12-30 00:31:47.940773500 tcpserver: status: 2/100 > 2017-12-30 00:31:47.940879500 tcpserver: pid 31300 from 114.229.162.93 > 2017-12-30 00:31:47.940920500 tcpserver: ok 31300 > indialau.bigpuddle.net:192.168.1.138:25 :114.229.162.93::63439 > > > --------------------------------------------------------------------- To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com <mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com <mailto:qmailtoaster-list-h...@qmailtoaster.com> --------------------------------------------------------------------- To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com <mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com <mailto:qmailtoaster-list-h...@qmailtoaster.com> --------------------------------------------------------------------- To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
