Bombarded with Reject Logs
I've been noticing that my server has been taking a beating lately with tons of scripts which keep either attempting to use my SMTP on the server or IS using scripts on my server.
For instance
- Removed -
is some of the rejects I keep seeing as well as others:
2015-04-03 12:58:38 H=54.ip-92-222-39.eu [92.222.39.54]:59569 I=[64.111.26.29]:25 temporarily rejected connection in "connect" ACL: "Host is ratelimited (2.5/1h max:1.2)"
2015-04-03 13:01:44 H=193.ip-176-31-185.eu [176.31.185.193]:51976 I=[64.111.26.29]:25 temporarily rejected connection in "connect" ACL: "Host is ratelimited (1.3/1h max:1.2)"
- Is there a way to see what accounts are effectively "rate limited" via SSH?
I guess what I'm trying to understand, from "temporarily rejected RCPT": does this mean they are authenticating from 74.177.130.40 into my SMTP and sending mail with a false email, which the system is essentially saying "get out of here", thus rejecting?
And from the "Host is ratelimited", I'd have to make the assumption that they are using an account somewhere on our server and sending mail?
I guess I'm trying to stop this and/or see what I can do to prevent and kill off these intrusions. I've been reading lots about it, but about ready to pull the hair out lol
Thank you for any tips/help with this matter.
If one of your accounts gets lots of spam, and that account is forwarding all of it to Gmail, for example, you will see this sort of email.
Is there a way or method to see what account is currently rate limited? "temporarily rejected connection in "connect" ACL: "Host is ratelimited (1.2/1h max:1.2)""
You might check your mail log for clues. Assuming you've got CSF installed, you can watch your mail logs in real time here: WHM » Plugins » ConfigServer Security & Firewall, Watch System Logs. Or try here for clues: Home » Email » Mail Delivery Reports
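An added example, not part of the thread: one way to answer the "what is currently rate limited, via SSH" question from the reject log itself. The quoted lines name the remote connecting host (`H=... [ip]:port`), so this tallies "Host is ratelimited" rejections per remote IP; the function names are hypothetical, the log path is whatever your server uses, and the last two sample lines are constructed.

```shell
#!/bin/sh
# Sample input: the first two lines are from the post above; the last two
# are constructed (a repeat offender and a non-ratelimit line to be ignored).
sample_log() {
cat <<'EOF'
2015-04-03 12:58:38 H=54.ip-92-222-39.eu [92.222.39.54]:59569 I=[64.111.26.29]:25 temporarily rejected connection in "connect" ACL: "Host is ratelimited (2.5/1h max:1.2)"
2015-04-03 13:01:44 H=193.ip-176-31-185.eu [176.31.185.193]:51976 I=[64.111.26.29]:25 temporarily rejected connection in "connect" ACL: "Host is ratelimited (1.3/1h max:1.2)"
2015-04-03 13:05:10 H=54.ip-92-222-39.eu [92.222.39.54]:60112 I=[64.111.26.29]:25 temporarily rejected connection in "connect" ACL: "Host is ratelimited (3.1/1h max:1.2)"
2015-04-03 13:06:00 H=(mail.example.test) [192.0.2.10]:40000 I=[64.111.26.29]:25 F=<a@example.test> temporarily rejected RCPT <b@example.test>: constructed non-ratelimit line
EOF
}

# Reads Exim reject-log lines on stdin and prints, per remote IP:
#   hits <TAB> ip <TAB> time of last rejection <TAB> last measured rate/limit
# sorted with the most frequently rejected host first.
ratelimited_hosts() {
    awk '
    /rejected connection in "connect" ACL/ && /Host is ratelimited/ {
        # The first [addr]:port token on the line is the remote host.
        if (match($0, /\[[0-9a-fA-F.:]+\]:[0-9]+/) == 0) next
        ip = substr($0, RSTART + 1, RLENGTH)
        sub(/\].*/, "", ip)
        # Measured rate and configured limit, e.g. "(2.5/1h max:1.2)".
        rate = "?"
        if (match($0, /[(][0-9.]+[\/][0-9]+[smhdw] max:[0-9.]+[)]/))
            rate = substr($0, RSTART + 1, RLENGTH - 2)
        hits[ip]++
        last[ip] = $1 " " $2
        lastrate[ip] = rate
    }
    END {
        for (ip in hits)
            printf "%d\t%s\t%s\t%s\n", hits[ip], ip, last[ip], lastrate[ip]
    }' | sort -k1,1nr -k2,2
}

# Stand-alone use: pass the reject log as the first argument,
# or run with no arguments to see the sample summarised.
if [ "$#" -gt 0 ]; then
    ratelimited_hosts < "$1"
else
    sample_log | ratelimited_hosts
fi
```

A host that keeps reappearing at the top of this list with a rising rate is a candidate for a firewall block rather than repeated temporary rejections.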