patmax
19/01/2012, 21h42
Bonsoir,
Aucune idée ?
Merci
Aucune idée ?
Merci
Jan 17 20:00:03 nsxxxxxx postfix/pickup[21090]: 1234266449: uid=0 from=
Jan 17 20:00:03 nsxxxxxx postfix/cleanup[22379]: 1234266449: message-id=<20120117190003.1234266449@smtp.mondomaine>
Jan 17 20:00:03 nsxxxxxx postfix/qmgr[32129]: 1234266449: from=, size=554, nrcpt=1 (queue active)
Jan 17 20:00:03 nsxxxxxx postfix/smtp[22193]: 1234266449: to=, orig_to= , relay=none, delay=1.3, delays=1.3/0/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=smtp.mondomaine type=A: Host not found)
Jan 17 20:00:03 nsxxxxxx postfix/cleanup[22379]: 3A4A46644A: message-id=<20120117190003.3A4A46644A@smtp.mondomaine>
Jan 17 20:00:03 nsxxxxxx postfix/bounce[22381]: 1234266449: sender non-delivery notification: 3A4A46644A
Jan 17 20:00:03 nsxxxxxx postfix/qmgr[32129]: 3A4A46644A: from=<>, size=2469, nrcpt=1 (queue active)
Jan 17 20:00:03 nsxxxxxx postfix/qmgr[32129]: 1234266449: removed
Jan 17 20:00:03 nsxxxxxx postfix/smtp[22193]: 3A4A46644A: to=, relay=none, delay=0.04, delays=0.04/0/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=smtp.mondomaine type=A: Host not found)
Jan 17 20:00:03 nsxxxxxx postfix/qmgr[32129]: 3A4A46644A: removed
Jan 17 16:33:56 nsxxxxxx postfix/qmgr[32129]: 22E6F65C57: from=, size=2335, nrcpt=1 (queue active)
Jan 17 16:33:56 nsxxxxxx postfix/qmgr[32129]: warning: connect to transport smtp-amavis: No such file or directory
Jan 17 16:33:56 nsxxxxxx postfix/error[11290]: 22E6F65C57: to=, relay=none, delay=75882, delays=75882/0/0/0.08, dsn=4.3.0, status=deferred (mail transport unavailable)
Jan 17 16:38:56 nsxxxxxx postfix/qmgr[32129]: 7D2956521E: from=, size=2342, nrcpt=1 (queue active)
Jan 17 16:38:57 nsxxxxxx named[23814]: FORMERR resolving 'hotmal.com/MX/IN': 207.46.75.254#53
Jan 17 16:38:57 nsxxxxxx named[23814]: FORMERR resolving 'hotmal.com/MX/IN': 64.4.59.173#53
Jan 17 16:38:57 nsxxxxxx named[23814]: FORMERR resolving 'hotmal.com/MX/IN': 213.199.159.59#53
Jan 17 16:38:57 nsxxxxxx named[23814]: FORMERR resolving 'hotmal.com/MX/IN': 65.55.37.62#53
Jan 17 16:38:58 nsxxxxxx named[23814]: FORMERR resolving 'hotmal.com/MX/IN': 65.55.226.140#53
Jan 17 16:38:58 nsxxxxxx named[23814]: FORMERR resolving 'hotmal.com/MX/IN': 213.199.159.59#53
Jan 17 16:38:58 nsxxxxxx named[23814]: FORMERR resolving 'hotmal.com/MX/IN': 65.55.226.140#53
Jan 17 16:38:58 nsxxxxxx named[23814]: FORMERR resolving 'hotmal.com/MX/IN': 64.4.59.173#53
Jan 17 16:38:59 nsxxxxxx named[23814]: FORMERR resolving 'hotmal.com/MX/IN': 65.55.37.62#53
Jan 17 16:38:59 nsxxxxxx named[23814]: FORMERR resolving 'hotmal.com/MX/IN': 207.46.75.254#53
Jan 17 16:39:00 nsxxxxxx named[23814]: FORMERR resolving 'hotmal.com/MX/IN': 213.199.159.59#53
Jan 17 16:39:00 nsxxxxxx named[23814]: FORMERR resolving 'hotmal.com/MX/IN': 65.55.226.140#53
Jan 17 16:39:00 nsxxxxxx named[23814]: FORMERR resolving 'hotmal.com/MX/IN': 65.55.37.62#53
Jan 17 16:39:00 nsxxxxxx named[23814]: FORMERR resolving 'hotmal.com/MX/IN': 64.4.59.173#53
Jan 17 16:39:00 nsxxxxxx named[23814]: FORMERR resolving 'hotmal.com/MX/IN': 207.46.75.254#53
Jan 17 16:39:01 nsxxxxxx named[23814]: FORMERR resolving 'hotmal.com/MX/IN': 65.55.226.140#53
Jan 17 16:39:01 nsxxxxxx named[23814]: FORMERR resolving 'hotmal.com/MX/IN': 213.199.159.59#53
Jan 17 16:39:01 nsxxxxxx named[23814]: FORMERR resolving 'hotmal.com/MX/IN': 65.55.37.62#53
Jan 17 16:39:01 nsxxxxxx named[23814]: FORMERR resolving 'hotmal.com/MX/IN': 64.4.59.173#53
Jan 17 16:39:01 nsxxxxxx /USR/SBIN/CRON[11522]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -delete)
Jan 17 16:39:01 nsxxxxxx named[23814]: FORMERR resolving 'hotmal.com/MX/IN': 207.46.75.254#53
Jan 17 16:39:02 nsxxxxxx postfix/smtp[11519]: 7D2956521E: to=, relay=none, delay=67405, delays=67399/0.01/5.5/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=hotmal.com type=MX: Host not found, try again)
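# Postfix main.cf as posted in the thread, with two repairs: the greeting
# parameter is spelled smtpd_banner (smtp_banner is not a Postfix parameter),
# and the restriction lists are indented again, because Postfix only treats a
# line as a continuation when it starts with whitespace.
# Comments are kept on their own lines; text after a value on the same line
# would be read as part of that value.

# Greeting sent to connecting SMTP clients.
smtpd_banner = $myhostname ESMTP (Debian / GNU)
biff = no
# VRFY is disabled so clients cannot use it to probe for valid addresses.
disable_vrfy_command = yes
smtpd_helo_required = yes
append_dot_mydomain = no
mydestination = mondomaine.com, localhost, localhost.localdomain
mydomain = mondomaine.com
# NOTE(review): the Jan 17 log lines in this thread carry message-ids ending in
# @smtp.mondomaine, so the running instance presumably used a different
# hostname than the one shown here; compare with the output of "postconf -n".
myhostname = mondomaine.com
relayhost =
# Only loopback clients are matched by permit_mynetworks.
mynetworks = 127.0.0.0/8
# 0 disables the mailbox size limit.
mailbox_size_limit = 0
message_size_limit = 5120000
inet_interfaces = all
# Every queued message is handed to the smtp-amavis transport, which has to be
# defined in master.cf; the thread's log shows "connect to transport
# smtp-amavis: No such file or directory" and the mail being deferred.
content_filter = smtp-amavis:[127.0.0.1]:10024
# warn_if_reject makes reject_unverified_sender log a warning instead of
# rejecting the message.
smtpd_sender_restrictions =
    permit_mynetworks,
    reject_unknown_sender_domain,
    warn_if_reject reject_unverified_sender
# reject_unauth_destination refuses mail for destinations this server is not
# responsible for, which keeps it from relaying for clients outside mynetworks.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unknown_recipient_domain,
    reject_non_fqdn_recipient
# Restrictions are evaluated in the order listed: reject_unknown_client is
# tested before permit_mynetworks, so it also applies to clients in mynetworks.
smtpd_client_restrictions =
    reject_unknown_client,
    permit_mynetworks
# Virtual aliases, domains and mailboxes are looked up in MySQL.
# NOTE(review): the mysql-*.cf files presumably hold the database credentials;
# check that they are not world-readable.
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_aliases.cf, mysql:/etc/postfix/mysql-virtual_aliases_mailbox.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/spool/vmail/
# All virtual mailboxes are owned by the same fixed uid/gid.
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
# NOTE(review): the quota parameters below look like the VDA quota patch rather
# than stock Postfix; confirm that the installed build supports them.
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "Desole, la boite email de l'utilisateur est pleine. Veuillez re-essayer plus tard !"
virtual_overquota_bounce = yes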
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ================================================== ========================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ================================================== ========================
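# Public SMTP listener (smtpd) on the smtp port.
smtp inet n - - - - smtpd
# Transport named by content_filter in main.cf to hand mail to amavis, limited
# to 2 concurrent processes. The private/unpriv/chroot/wakeup fields must be
# plain ASCII "-"; the pasted line carried typographic en dashes, which are not
# valid field values. The "-o" lines are indented so that they continue the
# service entry instead of starting a new one.
smtp-amavis unix - - y - 2 smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes
# Re-injection listener for mail coming back from the content filter. It is
# bound to 127.0.0.1 only, trusts only 127.0.0.0/8 and ends its recipient
# restrictions with "reject", so nothing but local processes can submit
# through this port. The empty content_filter keeps re-injected mail from being
# sent to the filter a second time; the other restriction lists are emptied
# because this listener does not repeat the checks of the public one.
# The last restriction is "reject" (the paste had it split as "rej ect").
127.0.0.1:10025 inet n - y - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes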
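# The submission and smtps listeners are commented out, so no SASL-authenticated
# submission service is enabled by this file. In the commented examples the
# restriction name is permit_sasl_authenticated (the paste had it split in two).
#submission inet n - - - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
# Internal Postfix daemons. pickup collects locally submitted mail; the log
# lines "postfix/pickup ... uid=0" and "uid=33" in this thread come from it.
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
# Outbound SMTP client used for normal remote delivery.
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
# The "-o" line is indented so that it continues the relay entry.
relay unix - - - - - smtp
  -o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache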
# ================================================== ==================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ================================================== ==================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
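# pipe(8) services: each one runs the external command in argv= as the account
# given in user= for every delivery. The flags=/argv= lines are indented so
# that they continue the service entry above them; without the leading
# whitespace each would be parsed as a separate, invalid entry.
# NOTE(review): the uucp, ifmail, bsmtp, scalemail and mailman entries are
# presumably distribution defaults; they only run if a transport routes mail
# to them. Confirm which of these programs are actually installed.
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}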
Jan 15 23:04:12 named[23814]: success resolving 'd.ext.nic.fr/A' (in 'nic.fr'?) after reducing the advertised EDNS UDP packet size to 512 octets
Jan 15 23:04:12 named[23814]: success resolving 'g.ext.nic.fr/AAAA' (in 'nic.fr'?) after reducing the advertised EDNS UDP packet size to 512 octets
Jan 15 23:04:12 named[23814]: success resolving 'c.nic.fr/A' (in 'nic.fr'?) after reducing the advertised EDNS UDP packet size to 512 octets
Jan 15 23:04:13 named[23814]: success resolving 'd.nic.fr/AAAA' (in 'nic.fr'?) after reducing the advertised EDNS UDP packet size to 512 octets
Jan 15 23:04:14 named[23814]: success resolving 'e.ext.nic.fr/AAAA' (in 'nic.fr'?) after reducing the advertised EDNS UDP packet size to 512 octets
Jan 15 21:54:00 postfix/pickup[19341]: 969866515D: uid=33 from=
Jan 15 21:54:00 postfix/cleanup[22896]: 969866515D: message-id=<20120115205400.969866515D@.ovh.net>
Jan 15 21:54:00 postfix/qmgr[3110]: 969866515D: from=, size=577, nrcpt=1 (queue active)
Jan 15 21:54:01 /USR/SBIN/CRON[22900]: (root) CMD (/usr/local/rtm/bin/rtm 33 > /dev/null 2> /dev/null)
Jan 15 21:54:02 postfix/smtp[22898]: 969866515D: to=, relay=mx2.mail.eu.yahoo.com[77.238.184.241]:25, delay=2.3, delays=0.62/0/1.2/0.48, dsn=2.0.0, status=sent (250 ok dirdel)
Jan 15 21:54:02 postfix/qmgr[3110]: 969866515D: removed
Jan 15 21:57:03 postfix/pickup[19341]: BE87465CE1: uid=33 from=
Jan 15 21:57:03 postfix/cleanup[23098]: BE87465CE1: message-id=<20120115205703.BE87465CE1@.ovh.net>
Jan 15 21:57:03 postfix/qmgr[3110]: BE87465CE1: from=, size=2350, nrcpt=1 (queue active)
Jan 15 21:57:04 postfix/smtp[23100]: BE87465CE1: to=, relay=smtp-in.sfr.fr[93.17.128.86]:25, delay=0.31, delays=0.13/0.01/0.06/0.11, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as EE5991C00088)
Jan 15 21:57:04 postfix/qmgr[3110]: BE87465CE1: removed
Jan 15 22:00:02 postfix/pickup[19341]: F2DC2661AE: uid=0 from=
Jan 15 22:00:02 postfix/cleanup[23337]: F2DC2661AE: message-id=<20120115210002.F2DC2661AE@.ovh.net>
Jan 15 22:00:03 postfix/qmgr[3110]: F2DC2661AE: from=, size=554, nrcpt=1 (queue active)
Jan 15 22:00:03 postfix/local[23339]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Jan 15 22:00:03 postfix/local[23339]: F2DC2661AE: to=, orig_to= , relay=local, delay=1.3, delays=1.3/0/0/0.04, dsn=2.0.0, status=sent (delivered to mailbox)
Jan 15 22:00:03 postfix/qmgr[3110]: F2DC2661AE: removed
# Drop every IPv4 packet coming from 196.29.40.33. The rule is inserted at
# position 1 of the INPUT chain, so it is evaluated before any existing rule.
# 196.29.40.33 is the dotted-quad form of the c41d:2821 peer that the kernel
# "shrunk window" lines print as an IPv4-mapped IPv6 address.
# The rule only exists in the running ruleset until it is saved.
iptables --insert INPUT 1 --source 196.29.40.33 --jump DROP
Jan 11 12:10:44 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:47132/80 unexpectedly shrunk window 2855847415:2855847416 (repaired)
Jan 11 12:10:45 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:47132/80 unexpectedly shrunk window 2855847415:2855847416 (repaired)
Jan 11 12:10:46 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:47132/80 unexpectedly shrunk window 2855847415:2855847416 (repaired)
Jan 11 12:10:52 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:47950/80 unexpectedly shrunk window 2974929439:2974929440 (repaired)
Jan 11 12:10:52 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:47950/80 unexpectedly shrunk window 2974929439:2974929440 (repaired)
Jan 11 12:10:54 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:48293/80 unexpectedly shrunk window 3023099631:3023099632 (repaired)
Jan 11 12:10:55 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:48293/80 unexpectedly shrunk window 3023099631:3023099632 (repaired)
Jan 11 12:11:02 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:49122/80 unexpectedly shrunk window 3130490106:3130490107 (repaired)
Jan 11 12:11:02 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:49122/80 unexpectedly shrunk window 3130490106:3130490107 (repaired)
Jan 11 12:11:05 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:49395/80 unexpectedly shrunk window 3169897448:3169897449 (repaired)
Jan 11 12:11:05 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:49395/80 unexpectedly shrunk window 3169897448:3169897449 (repaired)
Jan 11 12:11:12 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:50139/80 unexpectedly shrunk window 3283693824:3283693825 (repaired)
Jan 11 12:11:12 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:50139/80 unexpectedly shrunk window 3283693824:3283693825 (repaired)
Jan 11 12:11:15 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:50470/80 unexpectedly shrunk window 3335679550:3335679551 (repaired)
Jan 11 12:11:15 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:50470/80 unexpectedly shrunk window 3335679550:3335679551 (repaired)
Jan 11 12:11:16 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:50470/80 unexpectedly shrunk window 3335679550:3335679551 (repaired)
Jan 11 12:11:22 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:51213/80 unexpectedly shrunk window 3447993262:3447993263 (repaired)
Jan 11 12:11:22 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:51213/80 unexpectedly shrunk window 3447993262:3447993263 (repaired)
Jan 11 12:11:23 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:51213/80 unexpectedly shrunk window 3447993262:3447993263 (repaired)
Jan 11 12:11:25 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:51626/80 unexpectedly shrunk window 3502806036:3502806037 (repaired)
Jan 11 12:11:26 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:51626/80 unexpectedly shrunk window 3502806036:3502806037 (repaired)
Jan 11 12:11:32 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:52322/80 unexpectedly shrunk window 3624001271:3624001272 (repaired)
Jan 11 12:11:32 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:52322/80 unexpectedly shrunk window 3624001271:3624001272 (repaired)
Jan 11 12:11:33 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:52322/80 unexpectedly shrunk window 3624001271:3624001272 (repaired)
Jan 11 12:11:35 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:52699/80 unexpectedly shrunk window 3672612753:3672612754 (repaired)
Jan 11 12:11:36 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:52699/80 unexpectedly shrunk window 3672612753:3672612754 (repaired)
Jan 11 12:11:42 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:53414/80 unexpectedly shrunk window 3774897277:3774897278 (repaired)
Jan 11 12:11:42 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:53414/80 unexpectedly shrunk window 3774897277:3774897278 (repaired)
Jan 11 12:11:45 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:53797/80 unexpectedly shrunk window 3831689089:3831689090 (repaired)
Jan 11 12:11:46 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:53797/80 unexpectedly shrunk window 3831689089:3831689090 (repaired)
Jan 11 12:11:52 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:54447/80 unexpectedly shrunk window 3920424123:3920424124 (repaired)
Jan 11 12:11:52 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:54447/80 unexpectedly shrunk window 3920424123:3920424124 (repaired)
Jan 11 12:11:53 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:54447/80 unexpectedly shrunk window 3920424123:3920424124 (repaired)
Jan 11 12:11:55 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:54862/80 unexpectedly shrunk window 3984479637:3984479638 (repaired)
Jan 11 12:11:56 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:54862/80 unexpectedly shrunk window 3984479637:3984479638 (repaired)
Jan 11 12:12:02 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:55548/80 unexpectedly shrunk window 4075498884:4075498885 (repaired)
Jan 11 12:12:02 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:55548/80 unexpectedly shrunk window 4075498884:4075498885 (repaired)
Jan 11 12:12:05 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:55904/80 unexpectedly shrunk window 4136962382:4136962383 (repaired)
Jan 11 12:12:06 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:55904/80 unexpectedly shrunk window 4136962382:4136962383 (repaired)
Jan 11 12:12:12 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:56538/80 unexpectedly shrunk window 4248091859:4248091860 (repaired)
Jan 11 12:12:12 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:56538/80 unexpectedly shrunk window 4248091859:4248091860 (repaired)
Jan 11 12:12:15 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:56975/80 unexpectedly shrunk window 4291167940:4291167941 (repaired)
Jan 11 12:12:16 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:56975/80 unexpectedly shrunk window 4291167940:4291167941 (repaired)
Jan 11 12:12:22 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:57650/80 unexpectedly shrunk window 105190280:105190281 (repaired)
Jan 11 12:12:22 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:57650/80 unexpectedly shrunk window 105190280:105190281 (repaired)
Jan 11 12:12:25 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:58101/80 unexpectedly shrunk window 158622254:158622255 (repaired)
Jan 11 12:12:26 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:58101/80 unexpectedly shrunk window 158622254:158622255 (repaired)
Jan 11 12:12:32 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:58719/80 unexpectedly shrunk window 257649093:257649094 (repaired)
Jan 11 12:12:32 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:58719/80 unexpectedly shrunk window 257649093:257649094 (repaired)
Jan 11 12:12:36 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:59149/80 unexpectedly shrunk window 316247569:316247570 (repaired)
Jan 11 12:12:36 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:59149/80 unexpectedly shrunk window 316247569:316247570 (repaired)
Jan 11 12:12:42 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:59843/80 unexpectedly shrunk window 412197505:412197506 (repaired)
Jan 11 12:12:42 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:59843/80 unexpectedly shrunk window 412197505:412197506 (repaired)
Jan 11 12:12:45 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:60188/80 unexpectedly shrunk window 463900091:463900092 (repaired)
Jan 11 12:12:46 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:60188/80 unexpectedly shrunk window 463900091:463900092 (repaired)
Jan 11 12:12:56 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:61319/80 unexpectedly shrunk window 627781322:627781323 (repaired)
Jan 11 12:12:56 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:61319/80 unexpectedly shrunk window 627781322:627781323 (repaired)
Jan 11 12:32:28 kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:5364/80 unexpectedly shrunk window 1834013240:1834013241 (repaired)
# NOTE(review): 0.0.0.0 is an IPv4 literal (the unspecified address), not the
# peer shown in the kernel log, and ip6tables expects an IPv6 source, so this
# rule is not expected to match the traffic. The thread itself notes that
# blocking "0.0.0.0" will not work. The logged peer 0000:...:ffff:c41d:2821 is
# an IPv4-mapped address, i.e. the IPv4 host 196.29.40.33, which is filtered
# with iptables rather than ip6tables.
ip6tables -A INPUT -s 0.0.0.0 -j DROP
Dire à fail2ban d'utiliser "ip6tables" à la place de "iptables"
(uniquement pour ce problème, en créant une règle de filtrage adaptée à l'attaque)
"ip6tables --help" ou encore "man ip6tables" pour en savoir plus.
Là, tu me poses une colle : comment faire pour bloquer une IP IPv6 ?
Il me semble que tu devrais filtrer sur autre chose que "shrunk-windows".
Ce message est déposé par ton dédié, inutile de filtrer sur ça.
Essaie de trouver l'IP de ton attaque. Bloquer le "0.0.0.0" ne marchera pas. (Dans les lignes du noyau, l'adresse "0000:…:ffff:c41d:2821" est une adresse IPv4 mappée en IPv6 : ses deux derniers groupes, c41d:2821, se lisent 196.29.40.33.)
Dès que tu bloques ces attaques, ton dédié n'a plus besoin d'intervenir, et les messages "shrunk" vont disparaître.
PS : je ne parle pas d'expérience ici, je ne fais que réfléchir sur ce que tu as montré.
Soit dit en passant, tu utilises un filtre IPv4 pour bloquer une IPv6 !
Apache Server Status for xx.xxx.xx.xxx
Server Version: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny13 with Suhosin-Patch
Server Built: Sep 4 2011 20:51:55
Current Time: Saturday, 07-Jan-2012 13:05:13 CET
Restart Time: Saturday, 07-Jan-2012 12:00:03 CET
Parent Server Generation: 0
Server uptime: 1 hour 5 minutes 10 seconds
716 requests currently being processed, 21 idle workers
WWWWWWWWWWWWWWWWWWWWWWWWWWWWWW_WWWRWWWWWWWWWWWWWWW WWWWWWWWWWWWWW
WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW WWWWWWWWWWWWWW
WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW WWWWWWWWWWWWWW
WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW WWWWWWWWWWWWWW
WWWWWWWWWWWWWWWRWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW WWWWWWWWWWWWWW
WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW WWWWWWWWWWWWWW
WWWWWWWWWWWWWW_WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW WWWWWWWWWWWWWW
WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWRWWWWWWWWWWWWWWWWWW WWRWWWWWWWWWWW
WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW WWCWWRWWRWW_WW
W_WRWWWWWWWWWWRWWWWWWCWWWWWWWWWWCWWWWWRWWWWWWWWWWW WWWWWW_WWWWWWW
WWWWWWWR_WWC_W_WWWWW_WWWWWWC_WW_WW_WRCRWCWWWR_WRCW WWRCWWCCCWCR_W
WRCRWCRR_WR__RWW_WC_RRRCRC_CRCRC_................. ..............
kernel: TCP: Peer 0000:0000:0000:0000:0000:ffff:c41d:2821:14441/80 unexpectedly shrunk window 277865385:277865386 (repaired)
# fail2ban jail, as posted, that watches the kernel log for "shrunk window" lines.
[shrunk-window]
enabled = true
# Name of the filter definition applied to the lines read from logpath.
filter = shrunk-window
logpath = /var/log/kern.log
# NOTE(review): "port" is set twice in this section (here and below); only one
# value can take effect. Confirm which one the parser keeps and remove the other.
port = all
# NOTE(review): iptables-allports presumably inserts IPv4 rules through iptables;
# the address it bans is whatever the filter extracts from the log line.
banaction = iptables-allports
port = anyport
# A ban lasts 60 seconds; the fail2ban log in this thread shows Ban/Unban of
# 0.0.0.0 cycling about once a minute.
bantime = 60
# Number of matching log lines before a ban is issued.
maxretry = 3
# fail2ban filter, as posted, for the kernel "unexpectedly shrunk window" message.
[Definition]
# NOTE(review): as shown, the pattern has no <HOST> tag, which fail2ban uses to
# extract the address to ban; the tag may have been stripped when the post was
# rendered, so confirm against the real file. "Peer\:" also requires a colon
# directly after "Peer", whereas the kernel lines in this thread read
# "Peer 0000:...".
# The kernel prints the peer as a fully expanded IPv4-mapped IPv6 address
# (0000:...:ffff:c41d:2821), not as a dotted quad. That is presumably why the
# bans in the fail2ban log land on 0.0.0.0 instead of on the real peer.
failregex = TCP\: Peer\:.* unexpectedly shrunk window.*repaired+
ignoreregex =
2012-01-07 12:32:20,001 fail2ban.actions: WARNING [shrunk-window] 0.0.0.0 already banned
2012-01-07 12:32:31,012 fail2ban.actions: WARNING [shrunk-window] 0.0.0.0 already banned
2012-01-07 12:32:49,032 fail2ban.actions: WARNING [shrunk-window] 0.0.0.0 already banned
2012-01-07 12:33:09,053 fail2ban.actions: WARNING [shrunk-window] 0.0.0.0 already banned
2012-01-07 12:33:09,053 fail2ban.actions: WARNING [shrunk-window] Unban 0.0.0.0
2012-01-07 12:33:29,079 fail2ban.actions: WARNING [shrunk-window] Ban 0.0.0.0
2012-01-07 12:33:41,098 fail2ban.actions: WARNING [shrunk-window] 0.0.0.0 already banned
2012-01-07 12:33:59,118 fail2ban.actions: WARNING [shrunk-window] 0.0.0.0 already banned
2012-01-07 12:34:11,132 fail2ban.actions: WARNING [shrunk-window] 0.0.0.0 already banned
2012-01-07 12:34:21,140 fail2ban.actions: WARNING [shrunk-window] 0.0.0.0 already banned
2012-01-07 12:34:29,150 fail2ban.actions: WARNING [shrunk-window] Unban 0.0.0.0
2012-01-07 12:34:31,157 fail2ban.actions: WARNING [shrunk-window] Ban 0.0.0.0
2012-01-07 12:34:41,173 fail2ban.actions: WARNING [shrunk-window] 0.0.0.0 already banned
2012-01-07 12:34:51,183 fail2ban.actions: WARNING [shrunk-window] 0.0.0.0 already banned
2012-01-07 12:35:19,214 fail2ban.actions: WARNING [shrunk-window] 0.0.0.0 already banned
2012-01-07 12:35:26,489 fail2ban.actions: WARNING [named-refused-udp] Ban 82.165.138.101
2012-01-07 12:35:27,426 fail2ban.actions: WARNING [named-refused-tcp] Ban 82.165.138.101
2012-01-07 12:35:29,223 fail2ban.actions: WARNING [shrunk-window] 0.0.0.0 already banned
2012-01-07 12:35:31,225 fail2ban.actions: WARNING [shrunk-window] Unban 0.0.0.0
2012-01-07 12:35:41,242 fail2ban.actions: WARNING [shrunk-window] Ban 0.0.0.0
2012-01-07 12:35:59,268 fail2ban.actions: WARNING [shrunk-window] 0.0.0.0 already banned
2012-01-07 12:36:09,279 fail2ban.actions: WARNING [shrunk-window] 0.0.0.0 already banned
2012-01-07 12:36:19,290 fail2ban.actions: WARNING [shrunk-window] 0.0.0.0 already banned
2012-01-07 12:36:29,300 fail2ban.actions: WARNING [shrunk-window] 0.0.0.0 already banned
2012-01-07 12:36:41,313 fail2ban.actions: WARNING [shrunk-window] 0.0.0.0 already banned
2012-01-07 12:36:41,313 fail2ban.actions: WARNING [shrunk-window] Unban 0.0.0.0