R
Reggie Thomson
Guest
My SMTP server (qmail) has been down for 2 days and won't restart.
I've tried restart from plesk -> server -> services management but it still has the red X
Connecting via abuse.net or pingability.com I get the following message:
<<< rblsmtpd: fatal: unable to run /var/qmail/bin/relaylock: file does not exist
I note that there was a failed update to Plesk v9.0.0 recently (will read other threads, but I would like to sort out this problem before retrying updates).
I also noticed from /var/log/messages that I appear to be under attack, e.g.:
Dec 11 12:49:22 ip-72-167-44-131 xinetd[19604]: START: smtp pid=21383 from=::ffff:67.218.180.132
Dec 11 12:49:24 ip-72-167-44-131 xinetd[19604]: EXIT: smtp status=111 pid=21380 duration=3(sec)
Dec 11 12:49:24 ip-72-167-44-131 xinetd[19604]: START: smtp pid=21384 from=::ffff:67.218.186.123
Dec 11 12:49:25 ip-72-167-44-131 xinetd[19604]: START: smtp pid=21385 from=::ffff:80.81.35.24
Dec 11 12:49:25 ip-72-167-44-131 xinetd[19604]: EXIT: smtp status=111 pid=21381 duration=4(sec)
Dec 11 12:49:25 ip-72-167-44-131 xinetd[19604]: START: smtp pid=21386 from=::ffff:67.218.186.122
I have blocked access to 67.218 via the command:
iptables --append INPUT --source 67.218.0.0/16 -i eth0 -j DROP
This didn't solve my problem (but did reduce the number of the attacks)
Any help would be most welcome.
Cheers, Reggie
I've tried restart from plesk -> server -> services management but it still has the red X
Connecting via abuse.net or pingability.com I get the following message:
<<< rblsmtpd: fatal: unable to run /var/qmail/bin/relaylock: file does not exist
I note that there was a failed update to Plesk v9.0.0 recently (will read other threads, but I would like to sort out this problem before retrying updates).
I also noticed from /var/log/messages that I appear to be under attack, e.g.:
Dec 11 12:49:22 ip-72-167-44-131 xinetd[19604]: START: smtp pid=21383 from=::ffff:67.218.180.132
Dec 11 12:49:24 ip-72-167-44-131 xinetd[19604]: EXIT: smtp status=111 pid=21380 duration=3(sec)
Dec 11 12:49:24 ip-72-167-44-131 xinetd[19604]: START: smtp pid=21384 from=::ffff:67.218.186.123
Dec 11 12:49:25 ip-72-167-44-131 xinetd[19604]: START: smtp pid=21385 from=::ffff:80.81.35.24
Dec 11 12:49:25 ip-72-167-44-131 xinetd[19604]: EXIT: smtp status=111 pid=21381 duration=4(sec)
Dec 11 12:49:25 ip-72-167-44-131 xinetd[19604]: START: smtp pid=21386 from=::ffff:67.218.186.122
I have blocked access to 67.218 via the command:
iptables --append INPUT --source 67.218.0.0/16 -i eth0 -j DROP
This didn't solve my problem (but did reduce the number of the attacks)
Any help would be most welcome.
Cheers, Reggie