eFa 3.0.2.6....I'm not only a developer of eFa, but I'm also a client
postfix is suddenly stalling out on one of my instances....
connect to 127.0.0.1 25 just hangs, no 220 banner. top looks normal....no zombies, etc.
Have to restart postfix, then a few hours later....boom, here we go again. Gave the instance more memory (12Gig, just in case)
Before I rebuild this thing (I ran a restore, still doing it....)....
Any thoughts?
Postfix Stalling
- shawniverson
- Posts: 3644
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Postfix Stalling
Feels a bit silly to ask to you, but as you are in the client role now, you did check all basic logs, including Mysql/Modsecurity etc?
You could enable verbose logging: in /etc/postfix/master.cf
service postfix restart
tail -f /var/log/mail.log
You could enable verbose logging: in /etc/postfix/master.cf
Code: Select all
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd -v
tail -f /var/log/mail.log
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
- shawniverson
- Posts: 3644
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Postfix Stalling
All logs clean, actually too clean, as in, postfix stops logging to maillog, and everything else is just like, dude, feed me some email!
Verbose logging I have not tried, I'll enable and wait and see if that and see if it shows anything...
Verbose logging I have not tried, I'll enable and wait and see if that and see if it shows anything...
- shawniverson
- Posts: 3644
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Postfix Stalling
Found the culprit:
I blocked this intruder at the firewall, and postfix returned to normal. I have no idea what this was trying to do, but it appears to be causing postfix to hang. Some kind of DoS attack over the submission port?
Code: Select all
Apr 30 21:48:45 efa postfix/smtpd[32294]: warning: exchange.ctkrhs.org[208.67.34.45]: SASL LOGIN authentication failed: authentication failure
Re: Postfix Stalling
was it just one request that was causing the postfix hang, or several in quick succession?
I ask, because until there is a fix, it could happen again from another ip at any time. If it takes more than one request, then fail2ban may protect you next time. If not, well crap.
I ask, because until there is a fix, it could happen again from another ip at any time. If it takes more than one request, then fail2ban may protect you next time. If not, well crap.
Re: Postfix Stalling
Hi Shawin,
i've noticed this last day too on one of our EFA. so i beleive it some kind of DDos or brute force.
i am working with Paul in order to configure fail2ban in order to provide some security.
lately we have a IDS in front of the EFA which keeps the logs clean.
EFA is working fine now
i've noticed this last day too on one of our EFA. so i beleive it some kind of DDos or brute force.
i am working with Paul in order to configure fail2ban in order to provide some security.
lately we have a IDS in front of the EFA which keeps the logs clean.
EFA is working fine now
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!
- shawniverson
- Posts: 3644
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Postfix Stalling
It was just one request. It appeared to be leaving the connection half open. I have not seen it since blocking this specific one, fortunately, and I can identify it quickly. I think I may look at my IDS and see if I can watch for this type of faulty connection.pdwalker wrote: ↑02 May 2018 03:18 was it just one request that was causing the postfix hang, or several in quick succession?
I ask, because until there is a fix, it could happen again from another ip at any time. If it takes more than one request, then fail2ban may protect you next time. If not, well crap.
Re: Postfix Stalling
Do you have DNS ports forwarded on the FW to the EFA ?shawniverson wrote: ↑02 May 2018 20:42It was just one request. It appeared to be leaving the connection half open. I have not seen it since blocking this specific one, fortunately, and I can identify it quickly. I think I may look at my IDS and see if I can watch for this type of faulty connection.pdwalker wrote: ↑02 May 2018 03:18 was it just one request that was causing the postfix hang, or several in quick succession?
I ask, because until there is a fix, it could happen again from another ip at any time. If it takes more than one request, then fail2ban may protect you next time. If not, well crap.
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!
- shawniverson
- Posts: 3644
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact: