
Re: [cobalt-users] Mailscanner for RAQ3/4 pkg available



What about under control panel, services/email parameters? Block the ip the
mail is coming from?
Would this work?

----- Original Message -----
From: "Gerald Waugh" <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Thursday, July 18, 2002 9:33 AM
Subject: Re: [cobalt-users] Mailscanner for RAQ3/4 pkg available


> On Thu, 18 Jul 2002, Webmaster : Beyond2K wrote:
>
> > > uninstall mailscanner using the cobalt pkg uninstall routine and it will
> > > automatically change syslog back to the original settings.
> > >
> > > I would be surprised if this however is what is causing the cpu problem.
> >
> > You are of course correct. Mailscanner is working fine - as is syslogd.
> >
> > The syslogd high CPU usage is being caused by ipchains blocking ports 137
> > and 138 and syslog writing an entry in /var/log/kernel every time it
> > rejects. This in itself is not causing the problem - just the frequency I
> > think? Most of my servers have a kernel log of around 2 meg a day - this
> > server managed 40 meg in 4 hours last night :/
> >
> > It seems someone's box at our host may be compromised as we are getting
> > 10-20 rejections (input) written in the log every second (with ipchains on)
> > from 1 IP. Unless there is another explanation for accessing port 137/138?
> >
> > What's the best way of blocking this IP anyway? Have looked in the
> > archives and done the following so far.
> > 1) Ipchains does work but the syslogd CPU problem is a bit unbearable.
> > 2) Portsentry (1.1-fr5 pkg version) is installed and running - no effect.
> > 3) I've added the IP to hosts.deny and restarted inet - no effect.
> > 4) /sbin/route add -host <ip-address> reject - no effect.
> >
>
> See if you can get your isp to block him at a router.
> You can't stop him any other way, other than cutting the ethernet
> cable.
> BTW those ports are used for microsoft networking and samba
>
> --
> Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
> http://frontstreetnetworks.com | Website Hosts & SOHO Networks
> 229 Front Street, Ste.#C, New Haven, CT. 06513 United States
> voice +1 302-785-0699 | fax +1 203-785-1787
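
An added example, not part of the original thread: a short Python script that tallies logged ipchains rejections on ports 137/138 by source address and reports each source's peak entries per second, which is the kind of count the quoted message describes. The log lines are constructed, use documentation addresses, and assume the `Packet log:` format written by 2.2 kernels; the name `summarize` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines (documentation addresses, not values from the thread),
# assuming the ipchains "Packet log:" format written by 2.2 kernels.
SAMPLE_LOG = """\
Jul 18 03:12:01 www kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.45:137 198.51.100.10:137 L=78 S=0x00 I=4101 F=0x0000 T=128 (#3)
Jul 18 03:12:01 www kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.45:137 198.51.100.10:137 L=78 S=0x00 I=4102 F=0x0000 T=128 (#3)
Jul 18 03:12:01 www kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.45:138 198.51.100.10:138 L=229 S=0x00 I=4103 F=0x0000 T=128 (#3)
Jul 18 03:12:02 www kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.45:137 198.51.100.10:137 L=78 S=0x00 I=4104 F=0x0000 T=128 (#3)
Jul 18 03:12:02 www kernel: Packet log: input DENY eth0 PROTO=17 203.0.113.9:138 198.51.100.10:138 L=229 S=0x00 I=77 F=0x0000 T=120 (#3)
Jul 18 03:12:02 www kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.77:4312 198.51.100.10:80 L=60 S=0x00 I=900 F=0x4000 T=52 SYN (#5)
Jul 18 03:12:03 www syslogd: restart
"""

# timestamp, host, then: chain target interface PROTO=n src:port dst:port ...
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\skernel:\sPacket log:\s"
    r"(?P<chain>\S+)\s(?P<target>\S+)\s(?P<iface>\S+)\sPROTO=(?P<proto>\d+)\s"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s(?P<dst>[\d.]+):(?P<dport>\d+)\s"
)

NETBIOS_PORTS = {137, 138}  # the ports named in the thread


def summarize(log_text, ports=NETBIOS_PORTS):
    """Return [(source_ip, total_entries, peak_entries_per_second), ...],
    busiest source first, for input-chain entries aimed at `ports`."""
    totals = Counter()
    per_second = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["chain"] != "input" or int(m["dport"]) not in ports:
            continue  # not an ipchains entry, or not a port of interest
        totals[m["src"]] += 1
        per_second[(m["src"], m["ts"])] += 1  # syslog stamps have 1 s resolution
    peaks = Counter()
    for (src, _ts), n in per_second.items():
        peaks[src] = max(peaks[src], n)
    return [(src, n, peaks[src]) for src, n in totals.most_common()]


if __name__ == "__main__":
    for src, total, peak in summarize(SAMPLE_LOG):
        print(f"{src:15s} total={total} peak/s={peak}")
```

Only ipchains rules that carry the `-l` flag write these entries, so the tally reflects what the logging rule sees rather than everything the firewall drops.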