[BlueOnyx:25163] Re: stalling SMTP

Larry Smith lesmith at ecsis.net
Thu Oct 14 08:07:18 -05 2021


We are seeing loads and loads of smtp-auth attacks lately.
Generally when I see the "smtp down" message from a box
I log in (character mode) and do "ps fax | grep sendm".
This normally shows anywhere from a few to hundreds of
connections from one or two IP addresses.  Kill those off
after blocking the IP and it all clears up until the next wave.

-- 
Larry Smith
lesmith at ecsis.net

On Thu October 14 2021 03:58, Meaulnes Legler @ MailList wrote:
> hello
>
> I lately get several times a day the Active Monitor message that the SMTP
> server isn't running and couldn't be restarted. 15min later the all-clear
> message drops in, everything ok. Thank you BO, Michael and all others for
> the automatic assistance!:-)
>
> But I still wonder what's the cause of this... I browsed through the log
> files /var/log/maillog /var/log/messages /var/log/secure with no clues to
> anything suspicious (or I didn't know what to look for).
>
> The GUI's Security > Failed Logins page mentioned several IPs and two
> users; I blocked IPs in the APF Firewall Blacklist and suspended the two
> users. That helped insofar as the SMTP stalls now occurred _only_ a
> couple of times a day instead of almost hourly...
>
> Any hint what else I could do?
>
> Thank you and best regards
>
> で⊃ Meaulnes Legler
> Zurich, Switzerland
> +41¦0 44 260-1660
>
> I'm on *Wire* as @meaulnes — https://get.wire.com/
> /no more Whatzap and so on!/
>
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
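
The triage described in the reply above (list the sendmail processes, see which one or two addresses hold most of the connections), as an added example that is not part of either poster's message or of BlueOnyx. It assumes sendmail's process titles carry the client address in square brackets; the function names, the threshold and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count sendmail SMTP children per client IP from `ps` output.
# Assumption: process titles look like
#   "sendmail: server host.example [203.0.113.7] cmd read"

# count_smtp_clients THRESHOLD
# Reads `ps` output on stdin and prints "COUNT IP" for every IPv4 client that
# holds at least THRESHOLD sendmail processes, busiest first.
count_smtp_clients() {
    threshold="${1:-10}"
    awk -v min="$threshold" '
        /sendmail: / {
            # First bracketed dotted quad on the line is the client address.
            if (match($0, /\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]/)) {
                ip = substr($0, RSTART + 1, RLENGTH - 2)
                seen[ip]++
            }
        }
        END {
            for (ip in seen)
                if (seen[ip] >= min)
                    printf "%d %s\n", seen[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample of `ps fax` lines (documentation addresses, not real data).
sample_ps() {
    cat <<'EOF'
 1201 ?        Ss     0:03 sendmail: accepting connections
 1215 ?        Ss     0:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
 4410 ?        S      0:00  \_ sendmail: server [203.0.113.7] cmd read
 4411 ?        S      0:00  \_ sendmail: server [203.0.113.7] cmd read
 4415 ?        S      0:00  \_ sendmail: server [203.0.113.7] cmd read
 4420 ?        S      0:00  \_ sendmail: server [203.0.113.7] cmd read
 4431 ?        S      0:00  \_ sendmail: server mx.example.net [198.51.100.23] cmd read
EOF
}

# Live use on the mail server:  ps fax | count_smtp_clients 10
# Offline demonstration:        sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
    sample_ps | count_smtp_clients 3
fi
```

The listener and queue-runner lines carry no bracketed address and are skipped, so only per-client children are counted.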



