My mail server has been working perfectly until just recently. It could no longer send nor receive mails. I checked the mail log and it showed something like this. Sep 2 22:49:24 tkl dovecot: imap-login: Login: user=<username>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Sep 2 22:49:24 tkl dovecot: IMAP(username): Disconnected: Logged out Sep 2 22:49:25 tkl dovecot: imap-login: Login: user=<username>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Sep 2 22:49:25 tkl dovecot: IMAP(username): Disconnected: Logged out Sep 2 22:49:25 tkl dovecot: imap-login: Login: user=<username>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Sep 2 22:49:26 tkl dovecot: IMAP(username): Disconnected: Logged out Sep 2 22:50:20 tkl postfix/smtpd[23284]: connect from localhost[127.0.0.1] Sep 2 22:50:20 tkl postfix/smtpd[23284]: 596EB3D221F: client=localhost[127.0.0.1] Sep 2 22:50:27 tkl postfix/cleanup[23268]: 596EB3D221F: hold: header Received: from www.example.com (localhost [127.0.0.1])??by mail.example.com (Postfix) with ESMTP id 596EB3D221F;??Tue, 2 Sep 2008 22:50:20 +1200 (GILT) from localhost[127.0.0.1]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<www.example.com> Sep 2 22:50:27 tkl postfix/cleanup[23268]: 596EB3D221F: message-id=<[email protected]> Sep 2 22:50:27 tkl postfix/smtpd[23284]: disconnect from localhost[127.0.0.1] Sep 2 22:50:27 tkl dovecot: imap-login: Login: user=<username>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Sep 2 22:50:28 tkl dovecot: IMAP(username): Disconnected: Logged out Sep 2 22:50:28 tkl dovecot: imap-login: Login: user=<username>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Sep 2 22:50:29 tkl dovecot: IMAP(username): Disconnected: Logged out Sep 2 22:53:53 tkl MailScanner[23035]: Commercial scanner clamav timed out! Sep 2 22:53:53 tkl MailScanner[23035]: clamav: Failed to complete, timed out Sep 2 22:53:53 tkl MailScanner[23035]: Virus Scanning: Denial Of Service attack detected! It seems like we have been attacked with a DoS. Can anyone please tell me how to get out of this? I urgently need this 'cos we have not received mails in a week now. Many thanks in advance. Nareau
My server is now working perfectly well after upgrading the server to a virtual users and domains mail server as described in the howtos. However everything had to be overwritten thus resulting in a loss of all previous mails on the server. So if anyone will ever find a much safer and simpler solution to this, please let me know.
I recommend DDOS PROTECTED HOSTING from Cybercobra.com, it is true ddos protected hosting and cheap prices, they'll transfer your site for free if your site is under ddos attack this moment!