Exim under attack:
Hello,
One of my servers is under attack.
Getting these messages in /var/log/messages
Jun 13 13:00:38 same12 named[643048]: error (unexpected RCODE SERVFAIL) resolving 'host159-142-static.231-95-b.business.telecomitalia.it/A/IN': xxx.xxx.xxx.xxx#53
Jun 13 13:00:39 same12 named[643048]: error (unexpected RCODE SERVFAIL) resolving 'host159-142-static.231-95-b.business.telecomitalia.it/A/IN': 80.22.52.131#53
Jun 13 13:00:39 same12 named[643048]: error (unexpected RCODE SERVFAIL) resolving 'host159-142-static.231-95-b.business.telecomitalia.it/A/IN': 80.22.52.131#53
Jun 13 13:00:39 same12 named[643048]: error (unexpected RCODE SERVFAIL) resolving 'host159-142-static.231-95-b.business.telecomitalia.it/A/IN': 217.169.119.68#53
In exim_mainlog
2014-06-13 13:01:08 [274653] SMTP connection from [46.184.24.55]:46644 I=[77.23.252.110]:25 (TCP/IP connection count = 47)
2014-06-13 13:01:08 [316718] SMTP connection from [119.195.107.122]:26056 I=[77.23.252.110]:25 lost
2014-06-13 13:01:08 [316718] no MAIL in SMTP connection from [119.195.107.122]:26056 I=[77.23.252.110]:25 D=6s
2014-06-13 13:01:08 [316808] no host name found for IP address 46.184.24.55
2014-06-13 13:01:08 [316808] list matching forced to fail: failed to find host name for 46.184.24.55
2014-06-13 13:01:08 [316808] list matching forced to fail: failed to find host name for 46.184.24.55
2014-06-13 13:01:08 [313777] SMTP command timeout on connection from 41.252.83.52.adsl.zs2.dynamic.ltt.ly [41.252.83.52]:59709 I=[77.23.252.110]:25
2014-06-13 13:01:08 [274653] SMTP connection from [162.233.227.161]:2223 I=[77.23.252.110]:25 (TCP/IP connection count = 46)
2014-06-13 13:01:08 [274653] SMTP connection from [93.64.242.27]:50541 I=[77.23.252.110]:25 (TCP/IP connection count = 47)
2014-06-13 13:01:08 [274653] SMTP connection from [187.54.174.61]:3329 I=[77.23.252.110]:25 (TCP/IP connection count = 48)
2014-06-13 13:01:08 [316747] SMTP connection from [203.124.39.69]:47877 I=[77.23.252.110]:25 lost
2014-06-13 13:01:08 [316747] no MAIL in SMTP connection from [203.124.39.69]:47877 I=[77.23.252.110]:25 D=6s
2014-06-13 13:01:08 [274653] SMTP connection from [186.129.45.174]:21769 I=[77.23.252.110]:25 (TCP/IP connection count = 48)
2014-06-13 13:01:08 [274653] SMTP connection from [182.55.247.210]:61522 I=[77.23.252.110]:25 (TCP/IP connection count = 49)
2014-06-13 13:01:08 [316757] SMTP connection from [2.146.254.164]:1712 I=[77.23.252.110]:25 lost
2014-06-13 13:01:08 [316757] no MAIL in SMTP connection from [2.146.254.164]:1712 I=[77.23.252.110]:25 D=5s
2014-06-13 13:01:08 [316813] no host name found for IP address 182.55.247.210
There is no load issue in the server.
============
root@00112 [~]# netstat -plan | grep :53 | wc -l
64
root@00112 [~]#
root@00112 [~]#
root@00112 [~]# netstat -plan | grep :25 | wc -l
108
root@00112 [~]#
=============
Thanks Sreeni
Hello :) Have you considered blocking the offending IP address with a firewall management utility such as CSF? Thank you.
Hello cPanelMichael, it is not from a single IP. Thanks Sreeni
Hello, CSF, in conjunction with LFD, may still help, as it blocks IP addresses based on strings found in the log files.
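The LFD approach in the reply above keys on strings in exim_mainlog. As an added example (not code from the thread, cPanel or CSF), the script below parses lines in the exim_mainlog format shown in the post, counts per source IP the sessions that connected but never sent MAIL (the "no MAIL in SMTP connection" and "SMTP command timeout" events, which is what the post's log shows), and prints `csf -d` deny commands for IPs over a threshold for an admin to review; the sample log lines, the documentation-range IPs in them and the threshold of 3 are constructed.

```python
import re
from collections import Counter

# Exim main-log line as shown in the thread: "YYYY-MM-DD HH:MM:SS [pid] message".
LINE_RE = re.compile(r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \[(?P<pid>\d+)\] (?P<msg>.*)$')
# Remote endpoint as Exim prints it: optional resolved hostname, then "[ip]:port".
SRC_RE = re.compile(r'from (?:\S+ )?\[(?P<ip>[0-9a-fA-F.:]+)\]:\d+')

# Markers of a session that reached port 25 but never issued MAIL. The "... lost" lines
# are deliberately not counted: Exim pairs each with a "no MAIL" line from the same pid.
EMPTY_SESSION_MARKERS = ('no MAIL in SMTP connection', 'SMTP command timeout on connection')

def parse_line(line):
    """Return {'ts', 'pid', 'msg'} for an Exim main-log line, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def empty_sessions_by_ip(lines):
    """Count empty SMTP sessions per source IP over an iterable of log lines."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or not any(mk in rec['msg'] for mk in EMPTY_SESSION_MARKERS):
            continue
        src = SRC_RE.search(rec['msg'])
        if src:
            counts[src.group('ip')] += 1
    return counts

def offenders(lines, threshold=3):
    """Source IPs with at least `threshold` empty sessions (threshold is a constructed value)."""
    return sorted(ip for ip, n in empty_sessions_by_ip(lines).items() if n >= threshold)

def csf_deny_commands(ips, comment='repeated empty SMTP sessions'):
    """Build `csf -d <ip> <comment>` lines (CSF's permanent-deny syntax) for review, not execution."""
    return [f"csf -d {ip} '{comment}'" for ip in ips]

# Constructed sample in the thread's log format (RFC 5737 documentation addresses, not real hosts).
SAMPLE_LOG = """\
2014-06-13 13:01:08 [316718] SMTP connection from [203.0.113.10]:26056 I=[192.0.2.25]:25 lost
2014-06-13 13:01:08 [316718] no MAIL in SMTP connection from [203.0.113.10]:26056 I=[192.0.2.25]:25 D=6s
2014-06-13 13:01:09 [316747] no MAIL in SMTP connection from [203.0.113.10]:47877 I=[192.0.2.25]:25 D=6s
2014-06-13 13:01:10 [313777] SMTP command timeout on connection from host.example.net [203.0.113.10]:59709 I=[192.0.2.25]:25
2014-06-13 13:01:11 [316757] no MAIL in SMTP connection from [203.0.113.20]:1712 I=[192.0.2.25]:25 D=5s
2014-06-13 13:01:12 [274653] SMTP connection from [203.0.113.30]:3329 I=[192.0.2.25]:25 (TCP/IP connection count = 48)
not an exim line
"""

if __name__ == '__main__':
    print('\n'.join(csf_deny_commands(offenders(SAMPLE_LOG.splitlines()))))
```

Run it against the real file with `offenders(open('/var/log/exim_mainlog'))`; on the sample it reports only 203.0.113.10, since the single "lost" line is not counted on top of its paired "no MAIL" line.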