Am 25.08.2012 07:09, schrieb li...@sbt.net.au: > just noticed I have large increase in smtp connections, looking at logs I > noticed a single ip continuous attempting connection, searching for that > IP in maillog I see like; > > is this like a mail attack..? > > Aug 25 14:11:36 postfix/anvil[32254]: statistics: max connection rate > 80/60s for (smtp:203.125.143.198) at Aug 25 14:01:42
Singapore? most likely an attack there is no need to get notified because you can rate-control anvil_rate_time_unit = 1800s smtpd_client_connection_rate_limi = 50 inetnum: 203.125.143.196 - 203.125.143.199 netname: LSHMGT-SG descr: LSH MANAGEMENT SERVICES PTE LTD descr: 7 SHENTON WAY #01-02 descr: SINGAPORE CONFERENCE HALL descr: Singapore 068810 country: SG admin-c: PK12-AP tech-c: SH9-AP status: ASSIGNED NON-PORTABLE notify: hostmas...@singnet.com.sg mnt-by: MAINT-SG-SINGNET mnt-irt: IRT-SINGNET-SG changed: hostmas...@singnet.com.sg 20110106 source: APNIC
signature.asc
Description: OpenPGP digital signature
