Server hängt sich aus nicht findbaren Gründen auf

Serverdienste ohne eigene Kategorie
User avatar
andy-stoltze
Posts: 38
Joined: 2013-01-31 20:12

Server hängt sich aus nicht findbaren Gründen auf

Post by andy-stoltze »

Einen wunderschönen guten Morgen,
als ich mich heut morgen auf meinem Server anmelden wollte (fish) und ssh ging auf einmal load und memory hoch.
ein login war nicht mehr möglich! Ich habe den Server (bei Hetzner) dann per Robot restartet und danach ging alles wieder ganz normal.
In den logfiles finde ich auch nichts neues.
Der CRON der durchläuft, erstellt die collectd Grafiken.
Der Root der sich anmeldet bin ich (allerdings eigendlich nur einmal und nicht 5 mal pro sec wie um 07:43:47)
Hat jeman von euch ne Idee?

System: openSUSE 12.2

/var/log/messages
Mar 4 07:30:44 hn proftpd[874]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - FTP session opened.
Mar 4 07:30:44 hn proftpd[874]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - Preparing to chroot to directory '/srv/www/vhosts/test.hn.vc'
Mar 4 07:30:44 hn proftpd[874]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - USER andy-test.hn.vc: Login successful.
Mar 4 07:30:44 hn proftpd[874]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - FTP session closed.
Mar 4 07:31:01 hn /USR/SBIN/CRON[880]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:32:01 hn /USR/SBIN/CRON[943]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:33:01 hn /USR/SBIN/CRON[997]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:34:01 hn /USR/SBIN/CRON[1062]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:34:22 hn sshd[1133]: reverse mapping checking getaddrinfo for xinnet-179.global-mail.cn [114.112.52.179] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 4 07:34:22 hn sshd[1133]: Invalid user ftpuser from 114.112.52.179
Mar 4 07:34:22 hn sshd[1133]: input_userauth_request: invalid user ftpuser [preauth]
Mar 4 07:34:23 hn sshd[1133]: Received disconnect from 114.112.52.179: 11: Bye Bye [preauth]
Mar 4 07:34:25 hn sshd[1135]: reverse mapping checking getaddrinfo for xinnet-179.global-mail.cn [114.112.52.179] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 4 07:34:25 hn sshd[1135]: Invalid user ftpuser from 114.112.52.179
Mar 4 07:34:25 hn sshd[1135]: input_userauth_request: invalid user ftpuser [preauth]
Mar 4 07:34:26 hn sshd[1135]: Received disconnect from 114.112.52.179: 11: Bye Bye [preauth]
Mar 4 07:34:26 hn named[1491]: error (network unreachable) resolving 'gmx.de/MX/IN': 2001:8d8:fe:53:0:d9a0:52c7:100#53
Mar 4 07:34:26 hn named[1491]: error (network unreachable) resolving 'gmx.de/MX/IN': 2001:8d8:fe:53:0:d9a0:51c7:100#53
Mar 4 07:34:26 hn named[1491]: error (network unreachable) resolving 'gmx.de/MX/IN': 2001:8d8:fe:53:0:d9a0:50c7:100#53
Mar 4 07:34:28 hn sshd[1142]: reverse mapping checking getaddrinfo for xinnet-179.global-mail.cn [114.112.52.179] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 4 07:34:28 hn sshd[1142]: Invalid user ftpuser from 114.112.52.179
Mar 4 07:34:28 hn sshd[1142]: input_userauth_request: invalid user ftpuser [preauth]
Mar 4 07:34:29 hn sshd[1142]: Received disconnect from 114.112.52.179: 11: Bye Bye [preauth]
Mar 4 07:34:32 hn sshd[1145]: reverse mapping checking getaddrinfo for xinnet-179.global-mail.cn [114.112.52.179] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 4 07:34:32 hn sshd[1145]: Invalid user ftpuser001 from 114.112.52.179
Mar 4 07:34:32 hn sshd[1145]: input_userauth_request: invalid user ftpuser001 [preauth]
Mar 4 07:34:32 hn sshd[1145]: Received disconnect from 114.112.52.179: 11: Bye Bye [preauth]
Mar 4 07:34:32 hn sshd[1173]: refused connect from 114.112.52.179 (114.112.52.179)
Mar 4 07:34:55 hn ispcp_daemon[1193]: child 1193 started!
Mar 4 07:34:55 hn ispcp_daemon[1193]: Aeee! SIG_PIPE was received! Will we survive?
Mar 4 07:34:55 hn ispcp_daemon[1193]: send_line(): socket write error: Broken pipe
Mar 4 07:34:55 hn ispcp_daemon[1193]: read_line(): socket EOF! other end closed the connection!
Mar 4 07:34:55 hn ispcp_daemon[1458]: EINTR was received! continue;
Mar 4 07:34:55 hn proftpd[1194]: 88.198.18.48 (88.198.18.48[88.198.18.48]) - FTP session opened.
Mar 4 07:34:55 hn proftpd[1194]: 88.198.18.48 (88.198.18.48[88.198.18.48]) - FTP session closed.
Mar 4 07:34:55 hn sshd[1198]: Did not receive identification string from 88.198.18.48
Mar 4 07:35:01 hn /USR/SBIN/CRON[1221]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:36:01 hn /USR/SBIN/CRON[1280]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:36:19 hn proftpd[1336]: 88.198.18.48 (213.133.113.83[213.133.113.83]) - FTP session opened.
Mar 4 07:36:19 hn proftpd[1336]: 88.198.18.48 (213.133.113.83[213.133.113.83]) - Preparing to chroot to directory '/srv/www/vhosts/test.hn.vc'
Mar 4 07:36:19 hn proftpd[1336]: 88.198.18.48 (213.133.113.83[213.133.113.83]) - USER andy-test.hn.vc: Login successful.
Mar 4 07:36:20 hn proftpd[1336]: 88.198.18.48 (213.133.113.83[213.133.113.83]) - FTP session closed.
Mar 4 07:37:01 hn /USR/SBIN/CRON[1373]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:38:01 hn /USR/SBIN/CRON[1430]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:39:17 hn sshd[1497]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38080 ssh2
Mar 4 07:39:56 hn sshd[1497]: Received disconnect from 188.194.69.160: 11: disconnected by user
Mar 4 07:41:00 hn sshd[1557]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38081 ssh2
Mar 4 07:41:15 hn sshd[1627]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38083 ssh2
Mar 4 07:41:20 hn /USR/SBIN/CRON[1667]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:41:28 hn sshd[1557]: Received disconnect from 188.194.69.160: 11: disconnected by user
Mar 4 07:43:47 hn sshd[1716]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38089 ssh2
Mar 4 07:43:47 hn sshd[1627]: Received disconnect from 188.194.69.160: 11: disconnected by user
Mar 4 07:43:47 hn sshd[1733]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38090 ssh2
Mar 4 07:43:47 hn sshd[1737]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38091 ssh2
Mar 4 07:43:47 hn sshd[1749]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38093 ssh2
Mar 4 07:43:47 hn /USR/SBIN/CRON[1787]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:43:47 hn sshd[1803]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38097 ssh2
Mar 4 07:43:47 hn /USR/SBIN/CRON[1815]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:43:47 hn proftpd[1820]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - FTP session opened.
Mar 4 07:43:47 hn /USR/SBIN/CRON[1830]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:43:47 hn proftpd[1843]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - FTP session opened.
Mar 4 07:43:47 hn /USR/SBIN/CRON[1862]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:43:47 hn systemd-logind[515]: New session 940 of user root.
Mar 4 07:43:47 hn systemd-logind[515]: Removed session 940.
Mar 4 07:43:47 hn systemd-logind[515]: New session 941 of user root.
Mar 4 07:43:47 hn systemd-logind[515]: New session 942 of user root.
Mar 4 07:43:47 hn systemd-logind[515]: Removed session 941.
Mar 4 07:43:47 hn systemd-logind[515]: Removed session 942.
Mar 4 07:43:47 hn sshd[1927]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38115 ssh2
Mar 4 07:43:47 hn proftpd[1820]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - FTP session closed.
Mar 4 07:43:47 hn proftpd[1843]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - FTP session closed.
Mar 4 07:43:48 hn systemd-logind[515]: New session 948 of user root.
Mar 4 07:46:51 hn /USR/SBIN/CRON[2063]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:47:30 hn /USR/SBIN/CRON[2166]: (root) CMD (sh /srv/www/coll.sh)
Mar 4 07:47:37 hn /USR/SBIN/CRON[2225]: (root) CMD (sh /srv/www/coll.sh)
load-h.png
memory-hour.png
disk-hour.png
disk2-hour.png
beste Dank im voraus
Andy
You do not have the required permissions to view the files attached to this post.

User avatar
Joe User
Project Manager
Project Manager
Posts: 11137
Joined: 2003-02-27 01:00
Location: Hamburg

Re: Server hängt sich aus nicht findbaren Gründen auf

Post by Joe User »

Du solltest in der sshd_config die Optionen UsePAM und ChallengeResponseAuthentication explizit auf no setzen.
Zudem solltest Du Deinen Nameserver abschotten, damit er nicht misbraucht werden kann.
Von systemd (systemd-login) habe ich mangels eigener Erfahrung keine Ahnung, aber wenn mich nicht Alles täuscht, sollte der auf einem Server eher nicht im Log auftauchen. Da solltest Du selbst recherchieren.

Ansonsten geht die eigentliche Ursache für die hohe Last leider nicht aus dem Log hervor.

Code: Select all

grep -riE 'Mar[[:space:]]+4[[:space:]]+07:[34]' /var/log
PayPal.Me/JoeUserFreeBSD Remote Installation
Wings for LifeWings for Life World Run

„If there’s more than one possible outcome of a job or task, and one
of those outcomes will result in disaster or an undesirable consequence,
then somebody will do it that way.“ -- Edward Aloysius Murphy Jr.

User avatar
andy-stoltze
Posts: 38
Joined: 2013-01-31 20:12

Re: Server hängt sich aus nicht findbaren Gründen auf

Post by andy-stoltze »

erstmal danke für die schnelle Antwort!
größtenteils ist jetzt alles umgesetzt. Was mir gerade aufgefallen ist: Wenn ich den Apache restarte, sinkt der load sofort und der Speicher ist frei.
Müsste also am apachen liegen. oder?

User avatar
Joe User
Project Manager
Project Manager
Posts: 11137
Joined: 2003-02-27 01:00
Location: Hamburg

Re: Server hängt sich aus nicht findbaren Gründen auf

Post by Joe User »

Kann, muss aber nicht.
Sind die WepApps inklusive aller Addons/Module/Erweiterungen auf dem aktuellen Stand?
Sind die Apache-Module für die WebApps richtig eingebunden und konfiguriert?
Ist das System allgemein auf dem aktuellen Stand?

Wie ist denn die Ausgabe von dem grep?
PayPal.Me/JoeUserFreeBSD Remote Installation
Wings for LifeWings for Life World Run

„If there’s more than one possible outcome of a job or task, and one
of those outcomes will result in disaster or an undesirable consequence,
then somebody will do it that way.“ -- Edward Aloysius Murphy Jr.

User avatar
andy-stoltze
Posts: 38
Joined: 2013-01-31 20:12

Re: Server hängt sich aus nicht findbaren Gründen auf

Post by andy-stoltze »

grep -riE 'Mar[[:space:]]+4[[:space:]]+07:[34]' /var/log
/var/log/mail.info:Mar 4 07:32:35 hn imapd: LOGIN, user=support@test.de, ip=[::ffff:188.194.69.160], port=[39009], protocol=IMAP
/var/log/mail.info:Mar 4 07:32:50 hn imapd: LOGIN, user=support@test.de, ip=[::ffff:188.194.69.160], port=[39020], protocol=IMAP
/var/log/mail.info:Mar 4 07:32:50 hn imapd: LOGIN, user=support@test.de, ip=[::ffff:188.194.69.160], port=[39021], protocol=IMAP
/var/log/mail.info:Mar 4 07:32:51 hn imapd: LOGIN, user=support@test.de, ip=[::ffff:188.194.69.160], port=[39022], protocol=IMAP
/var/log/mail.info:Mar 4 07:34:08 hn postfix/qmgr[2445]: 0080C1342FAF: from=<fail2ban@example.com>, size=364, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/qmgr[2445]: DD5C01343021: from=<fail2ban@test.de>, size=345, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/qmgr[2445]: 72EB8134309B: from=<webmaster@tpom-club.15gb.de>, size=992, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/qmgr[2445]: 3A746134300B: from=<fail2ban@test.de>, size=359, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/qmgr[2445]: 170F01342FE9: from=<fail2ban@test.de>, size=366, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/qmgr[2445]: C09111342FD8: from=<fail2ban@test.de>, size=428, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/qmgr[2445]: B37D8134301B: from=<fail2ban@test.de>, size=355, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/qmgr[2445]: 914BB1340E21: from=<fail2ban@test.de>, size=358, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/qmgr[2445]: 649281342FB1: from=<fail2ban@test.de>, size=368, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/qmgr[2445]: 551711343001: from=<fail2ban@test.de>, size=353, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/qmgr[2445]: 463AF1343015: from=<fail2ban@example.com>, size=351, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/error[1122]: 3A746134300B: to=<you@example.com>, relay=none, delay=63278, delays=63278/0.01/0/0.2, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/error[1124]: 170F01342FE9: to=<you@example.com>, relay=none, delay=63377, delays=63377/0.01/0/0.2, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/error[1110]: 0080C1342FAF: to=<you@example.com>, relay=none, delay=63378, delays=63378/0.01/0/0.2, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/error[1112]: DD5C01343021: to=<you@example.com>, relay=none, delay=63275, delays=63274/0.01/0/0.2, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/error[1126]: C09111342FD8: to=<you@example.com>, relay=none, delay=63378, delays=63377/0.01/0/0.27, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/error[1112]: 551711343001: to=<you@example.com>, relay=none, delay=63278, delays=63278/0.2/0/0.16, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/error[1110]: 649281342FB1: to=<you@example.com>, relay=none, delay=63378, delays=63378/0.2/0/0.16, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/error[1122]: B37D8134301B: to=<you@example.com>, relay=none, delay=63276, delays=63276/0.2/0/0.16, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/error[1124]: 914BB1340E21: to=<you@example.com>, relay=none, delay=63378, delays=63378/0.2/0/0.16, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/error[1129]: 463AF1343015: to=<you@example.com>, relay=none, delay=63277, delays=63277/0.21/0/0.16, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/smtp[1111]: 72EB8134309B: to=<evokeopj@gmail.com>, relay=gmail-smtp-in.l.google.com[173.194.70.26]:25, delay=34003, delays=34003/0/0.04/0.42, dsn=2.0.0, status=sent (250 2.0.0 OK 1362378849 b4si14882535eep.10 - gsmtp)
/var/log/mail.info:Mar 4 07:34:08 hn postfix/qmgr[2445]: 72EB8134309B: removed
/var/log/mail.info:Mar 4 07:34:26 hn postfix/smtpd[1139]: connect from unknown[212.227.15.19]
/var/log/mail.info:Mar 4 07:34:26 hn postfix/smtpd[1139]: 75D8D134309B: client=unknown[212.227.15.19]
/var/log/mail.info:Mar 4 07:34:26 hn postfix/cleanup[1141]: 75D8D134309B: message-id=<5134406F.7050506@gmx.de>
/var/log/mail.info:Mar 4 07:34:26 hn postfix/qmgr[2445]: 75D8D134309B: from=<andreas-stoltze@gmx.de>, size=1089, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:26 hn postfix/smtpd[1139]: disconnect from unknown[212.227.15.19]
/var/log/mail.info:Mar 4 07:34:26 hn postfix/virtual[1143]: 75D8D134309B: to=<support@test.de>, relay=virtual, delay=0.27, delays=0.19/0/0/0.07, dsn=2.0.0, status=sent (delivered to maildir)
/var/log/mail.info:Mar 4 07:34:26 hn postfix/qmgr[2445]: 75D8D134309B: removed
/var/log/mail.info:Mar 4 07:34:29 hn postfix/pickup[869]: E6EA21343136: uid=0 from=<fail2ban>
/var/log/mail.info:Mar 4 07:34:29 hn postfix/cleanup[1141]: E6EA21343136: message-id=<20130304063429.E6EA21343136@test.de>
/var/log/mail.info:Mar 4 07:34:30 hn postfix/qmgr[2445]: E6EA21343136: from=<fail2ban@test.de>, size=471, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:30 hn postfix/pickup[869]: 13CF9134309B: uid=0 from=<fail2ban>
/var/log/mail.info:Mar 4 07:34:30 hn postfix/cleanup[1141]: 13CF9134309B: message-id=<20130304063430.13CF9134309B@test.de>
/var/log/mail.info:Mar 4 07:34:30 hn postfix/error[1126]: E6EA21343136: to=<you@example.com>, relay=none, delay=0.45, delays=0.29/0/0/0.17, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:34:30 hn postfix/qmgr[2445]: 13CF9134309B: from=<fail2ban@test.de>, size=481, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:34:30 hn postfix/error[1110]: 13CF9134309B: to=<you@example.com>, relay=none, delay=0.34, delays=0.29/0/0/0.05, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:34:55 hn postfix/smtpd[1139]: connect from unknown[88.198.18.48]
/var/log/mail.info:Mar 4 07:34:55 hn postfix/smtpd[1139]: lost connection after CONNECT from unknown[88.198.18.48]
/var/log/mail.info:Mar 4 07:34:55 hn postfix/smtpd[1139]: disconnect from unknown[88.198.18.48]
/var/log/mail.info:Mar 4 07:34:55 hn spamd[1064]: spamd: connection from test.de.local [127.0.0.1] at port 56495
/var/log/mail.info:Mar 4 07:34:55 hn spamd[1064]: spamd: bad protocol: header error: (closed before headers)
/var/log/mail.info:Mar 4 07:34:56 hn spamd[952]: prefork: child states: II
/var/log/mail.info:Mar 4 07:34:57 hn postfix/pickup[869]: AF0A3134313E: uid=0 from=<fail2ban@example.com>
/var/log/mail.info:Mar 4 07:34:57 hn postfix/cleanup[1141]: AF0A3134313E: message-id=<20130304063457.AF0A3134313E@test.de>
/var/log/mail.info:Mar 4 07:34:57 hn postfix/qmgr[2445]: AF0A3134313E: from=<fail2ban@example.com>, size=477, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:35:27 hn postfix/smtp[1111]: connect to example.com[192.0.43.10]:25: Connection timed out
/var/log/mail.info:Mar 4 07:35:29 hn postfix/smtp[1111]: AF0A3134313E: to=<you@example.com>, relay=none, delay=30, delays=0.32/0/30/0, dsn=4.4.1, status=deferred (connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:37:48 hn postfix/smtpd[1424]: connect from unknown[188.194.69.160]
/var/log/mail.info:Mar 4 07:37:48 hn postfix/smtpd[1424]: 741EF1343169: client=unknown[188.194.69.160], sasl_method=CRAM-MD5, sasl_username=support@test.de
/var/log/mail.info:Mar 4 07:37:48 hn postfix/cleanup[1426]: 741EF1343169: message-id=<5134413A.3010407@test.de>
/var/log/mail.info:Mar 4 07:37:48 hn postfix/qmgr[2445]: 741EF1343169: from=<support@test.de>, size=715, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:37:48 hn postfix/smtpd[1424]: disconnect from unknown[188.194.69.160]
/var/log/mail.info:Mar 4 07:37:48 hn imapd: DISCONNECTED, user=support@test.de, ip=[::ffff:188.194.69.160], headers=0, body=0, rcvd=683, sent=1236, time=298
/var/log/mail.info:Mar 4 07:37:49 hn postfix/smtp[1427]: 741EF1343169: to=<andreas-stoltze@gmx.de>, relay=mx00.gmx.net[213.165.67.114]:25, delay=1.2, delays=0.23/0/0.05/0.96, dsn=2.0.0, status=sent (250 Requested mail action okay, completed: id=0MKtSS-1UCP1x2A7s-0003AQ)
/var/log/mail.info:Mar 4 07:37:49 hn postfix/qmgr[2445]: 741EF1343169: removed
/var/log/mail.info:Mar 4 07:38:02 hn imapd: LOGIN, user=support@test.de, ip=[::ffff:188.194.69.160], port=[39200], protocol=IMAP
/var/log/mail.info:Mar 4 07:38:29 hn clamd[1659]: SelfCheck: Database status OK.
/var/log/mail.info:Mar 4 07:42:12 hn postfix/qmgr[2445]: 0309A1340D73: from=<fail2ban@test.de>, size=353, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:43:24 hn postfix/qmgr[2445]: DF9351340F4B: from=<fail2ban@test.de>, size=366, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:43:44 hn postfix/qmgr[2445]: DDDD21340430: from=<fail2ban@test.de>, size=368, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:43:45 hn postfix/qmgr[2445]: EFF68134045A: from=<fail2ban@test.de>, size=428, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:43:46 hn postfix/qmgr[2445]: E7AF413401EC: from=<fail2ban@test.de>, size=366, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:43:46 hn postfix/qmgr[2445]: 38BB31340F76: from=<fail2ban@test.de>, size=358, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:43:47 hn postfix/qmgr[2445]: 177F51340456: from=<fail2ban@example.com>, size=364, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:43:47 hn postfix/smtp[1681]: connect to example.com[192.0.43.10]:25: Connection refused
/var/log/mail.info:Mar 4 07:43:47 hn postfix/smtp[1427]: connect to example.com[192.0.43.10]:25: Connection timed out
/var/log/mail.info:Mar 4 07:43:47 hn postfix/smtp[1683]: connect to example.com[192.0.43.10]:25: Connection timed out
/var/log/mail.info:Mar 4 07:43:47 hn postfix/smtp[1684]: connect to example.com[192.0.43.10]:25: Connection timed out
/var/log/mail.info:Mar 4 07:43:47 hn postfix/smtp[1685]: connect to example.com[192.0.43.10]:25: Connection timed out
/var/log/mail.info:Mar 4 07:43:47 hn postfix/qmgr[2445]: CB1DC13402AD: from=<fail2ban@test.de>, size=345, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:43:47 hn postfix/anvil[1140]: statistics: max connection rate 1/60s for (smtp:212.227.15.19) at Mar 4 07:34:26
/var/log/mail.info:Mar 4 07:43:47 hn postfix/smtp[1681]: DF9351340F4B: to=<you@example.com>, relay=none, delay=55059, delays=54949/1.6/109/0, dsn=4.4.1, status=deferred (connect to example.com[192.0.43.10]:25: Connection refused)
/var/log/mail.info:Mar 4 07:43:47 hn postfix/smtp[1427]: 0309A1340D73: to=<you@example.com>, relay=none, delay=35712, delays=35586/0.51/126/0, dsn=4.4.1, status=deferred (connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:43:47 hn postfix/smtp[1683]: DDDD21340430: to=<you@example.com>, relay=none, delay=35612, delays=35483/0.87/128/0, dsn=4.4.1, status=deferred (connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:43:47 hn postfix/smtp[1684]: EFF68134045A: to=<you@example.com>, relay=none, delay=35621, delays=35484/0.31/136/0, dsn=4.4.1, status=deferred (connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:43:47 hn postfix/smtp[1685]: E7AF413401EC: to=<you@example.com>, relay=none, delay=35666, delays=35486/0.27/180/0, dsn=4.4.1, status=deferred (connect to example.com[192.0.43.10]:25: Connection timed out)
/var/log/mail.info:Mar 4 07:43:47 hn postfix/anvil[1140]: statistics: max connection count 1 for (smtp:212.227.15.19) at Mar 4 07:34:26
/var/log/mail.info:Mar 4 07:43:47 hn postfix/anvil[1140]: statistics: max cache size 1 at Mar 4 07:34:26
/var/log/mail.info:Mar 4 07:43:58 hn postfix/qmgr[2445]: 6B9C91340F97: from=<fail2ban@test.de>, size=428, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:44:03 hn postfix/qmgr[2445]: 4D9EC13401E2: from=<fail2ban@test.de>, size=359, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:44:10 hn postfix/qmgr[2445]: A87F113401F7: from=<fail2ban@test.de>, size=355, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:44:59 hn postfix/qmgr[2445]: A49D6134042B: from=<fail2ban@example.com>, size=351, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:46:04 hn postfix/qmgr[2445]: AF0A3134313E: from=<fail2ban@example.com>, size=477, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:46:25 hn postfix/qmgr[2445]: AABED1342FA5: from=<fail2ban@test.de>, size=368, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:46:26 hn postfix/qmgr[2445]: A1E6B1340F6D: from=<fail2ban@example.com>, size=364, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:46:29 hn postfix/error[1935]: 38BB31340F76: to=<you@example.com>, relay=none, delay=55230, delays=54952/277/0/1.3, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection refused)
/var/log/mail.info:Mar 4 07:46:31 hn postfix/error[1938]: 177F51340456: to=<you@example.com>, relay=none, delay=35769, delays=35497/271/0/2.1, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection refused)
/var/log/mail.info:Mar 4 07:46:33 hn postfix/error[1941]: 6B9C91340F97: to=<you@example.com>, relay=none, delay=55231, delays=55227/1.4/0/2.1, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection refused)
/var/log/mail.info:Mar 4 07:46:36 hn postfix/error[1939]: CB1DC13402AD: to=<you@example.com>, relay=none, delay=35865, delays=35631/232/0/2.1, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection refused)
/var/log/mail.info:Mar 4 07:46:36 hn postfix/error[1935]: A87F113401F7: to=<you@example.com>, relay=none, delay=35866, delays=35863/2.3/0/0.77, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection refused)
/var/log/mail.info:Mar 4 07:46:36 hn postfix/error[1942]: 4D9EC13401E2: to=<you@example.com>, relay=none, delay=35866, delays=35863/1/0/2.1, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection refused)
/var/log/mail.info:Mar 4 07:46:36 hn postfix/error[1957]: A49D6134042B: to=<you@example.com>, relay=none, delay=35867, delays=35864/2.2/0/0.77, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection refused)
/var/log/mail.info:Mar 4 07:46:37 hn postfix/error[1939]: AABED1342FA5: to=<you@example.com>, relay=none, delay=55232, delays=55228/3.1/0/0.79, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection refused)
/var/log/mail.info:Mar 4 07:46:37 hn postfix/error[1941]: A1E6B1340F6D: to=<you@example.com>, relay=none, delay=55233, delays=55229/3.1/0/0.79, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection refused)
/var/log/mail.info:Mar 4 07:46:38 hn postfix/error[1938]: AF0A3134313E: to=<you@example.com>, relay=none, delay=536, delays=532/3.1/0/0.79, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to example.com[192.0.43.10]:25: Connection refused)
/var/log/mail.info:Mar 4 07:46:59 hn postfix/qmgr[2445]: E6EA21343136: from=<fail2ban@test.de>, size=471, nrcpt=1 (queue active)
/var/log/mail.info:Mar 4 07:47:10 hn postfix/pickup[869]: 532271343035: uid=0 from=<root>
/var/log/mail.info:Mar 4 07:48:28 hn postfix/cleanup[2129]: 532271343035: message-id=<20130304064421.532271343035@test.de>
/var/log/warn:Mar 4 07:34:55 hn spamd[1064]: spamd: bad protocol: header error: (closed before headers)
/var/log/messages:Mar 4 07:30:01 hn /USR/SBIN/CRON[336]: (root) CMD (umask 027; /srv/www/ispcp/engine/traffic/ispcp-vrl-traff &>/var/log/ispcp/ispcp-vrl-traff.log)
/var/log/messages:Mar 4 07:30:01 hn /USR/SBIN/CRON[339]: (root) CMD (/srv/www/ispcp/engine/tools/ispcp-del-phptemp.sh >/dev/null 2>&1)
/var/log/messages:Mar 4 07:30:02 hn /USR/SBIN/CRON[372]: (root) CMD (umask 027; /srv/www/ispcp/engine/traffic/ispcp-srv-traff &>/var/log/ispcp/ispcp-srv-traff.log)
/var/log/messages:Mar 4 07:30:02 hn /USR/SBIN/CRON[548]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:30:44 hn proftpd[874]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - FTP session opened.
/var/log/messages:Mar 4 07:30:44 hn proftpd[874]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - Preparing to chroot to directory '/srv/www/vhosts/test.test.de'
/var/log/messages:Mar 4 07:30:44 hn proftpd[874]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - USER andy-test.test.de: Login successful.
/var/log/messages:Mar 4 07:30:44 hn proftpd[874]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - FTP session closed.
/var/log/messages:Mar 4 07:31:01 hn /USR/SBIN/CRON[880]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:32:01 hn /USR/SBIN/CRON[943]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:33:01 hn /USR/SBIN/CRON[997]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:34:01 hn /USR/SBIN/CRON[1062]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:34:22 hn sshd[1133]: reverse mapping checking getaddrinfo for xinnet-179.global-mail.cn [114.112.52.179] failed - POSSIBLE BREAK-IN ATTEMPT!
/var/log/messages:Mar 4 07:34:22 hn sshd[1133]: Invalid user ftpuser from 114.112.52.179
/var/log/messages:Mar 4 07:34:22 hn sshd[1133]: input_userauth_request: invalid user ftpuser [preauth]
/var/log/messages:Mar 4 07:34:23 hn sshd[1133]: Received disconnect from 114.112.52.179: 11: Bye Bye [preauth]
/var/log/messages:Mar 4 07:34:25 hn sshd[1135]: reverse mapping checking getaddrinfo for xinnet-179.global-mail.cn [114.112.52.179] failed - POSSIBLE BREAK-IN ATTEMPT!
/var/log/messages:Mar 4 07:34:25 hn sshd[1135]: Invalid user ftpuser from 114.112.52.179
/var/log/messages:Mar 4 07:34:25 hn sshd[1135]: input_userauth_request: invalid user ftpuser [preauth]
/var/log/messages:Mar 4 07:34:26 hn sshd[1135]: Received disconnect from 114.112.52.179: 11: Bye Bye [preauth]
/var/log/messages:Mar 4 07:34:26 hn named[1491]: error (network unreachable) resolving 'gmx.de/MX/IN': 2001:8d8:fe:53:0:d9a0:52c7:100#53
/var/log/messages:Mar 4 07:34:26 hn named[1491]: error (network unreachable) resolving 'gmx.de/MX/IN': 2001:8d8:fe:53:0:d9a0:51c7:100#53
/var/log/messages:Mar 4 07:34:26 hn named[1491]: error (network unreachable) resolving 'gmx.de/MX/IN': 2001:8d8:fe:53:0:d9a0:50c7:100#53
/var/log/messages:Mar 4 07:34:28 hn sshd[1142]: reverse mapping checking getaddrinfo for xinnet-179.global-mail.cn [114.112.52.179] failed - POSSIBLE BREAK-IN ATTEMPT!
/var/log/messages:Mar 4 07:34:28 hn sshd[1142]: Invalid user ftpuser from 114.112.52.179
/var/log/messages:Mar 4 07:34:28 hn sshd[1142]: input_userauth_request: invalid user ftpuser [preauth]
/var/log/messages:Mar 4 07:34:29 hn sshd[1142]: Received disconnect from 114.112.52.179: 11: Bye Bye [preauth]
/var/log/messages:Mar 4 07:34:32 hn sshd[1145]: reverse mapping checking getaddrinfo for xinnet-179.global-mail.cn [114.112.52.179] failed - POSSIBLE BREAK-IN ATTEMPT!
/var/log/messages:Mar 4 07:34:32 hn sshd[1145]: Invalid user ftpuser001 from 114.112.52.179
/var/log/messages:Mar 4 07:34:32 hn sshd[1145]: input_userauth_request: invalid user ftpuser001 [preauth]
/var/log/messages:Mar 4 07:34:32 hn sshd[1145]: Received disconnect from 114.112.52.179: 11: Bye Bye [preauth]
/var/log/messages:Mar 4 07:34:32 hn sshd[1173]: refused connect from 114.112.52.179 (114.112.52.179)
/var/log/messages:Mar 4 07:34:55 hn ispcp_daemon[1193]: child 1193 started!
/var/log/messages:Mar 4 07:34:55 hn ispcp_daemon[1193]: Aeee! SIG_PIPE was received! Will we survive?
/var/log/messages:Mar 4 07:34:55 hn ispcp_daemon[1193]: send_line(): socket write error: Broken pipe
/var/log/messages:Mar 4 07:34:55 hn ispcp_daemon[1193]: read_line(): socket EOF! other end closed the connection!
/var/log/messages:Mar 4 07:34:55 hn ispcp_daemon[1458]: EINTR was received! continue;
/var/log/messages:Mar 4 07:34:55 hn proftpd[1194]: 88.198.18.48 (88.198.18.48[88.198.18.48]) - FTP session opened.
/var/log/messages:Mar 4 07:34:55 hn proftpd[1194]: 88.198.18.48 (88.198.18.48[88.198.18.48]) - FTP session closed.
/var/log/messages:Mar 4 07:34:55 hn sshd[1198]: Did not receive identification string from 88.198.18.48
/var/log/messages:Mar 4 07:35:01 hn /USR/SBIN/CRON[1221]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:36:01 hn /USR/SBIN/CRON[1280]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:36:19 hn proftpd[1336]: 88.198.18.48 (213.133.113.83[213.133.113.83]) - FTP session opened.
/var/log/messages:Mar 4 07:36:19 hn proftpd[1336]: 88.198.18.48 (213.133.113.83[213.133.113.83]) - Preparing to chroot to directory '/srv/www/vhosts/test.test.de'
/var/log/messages:Mar 4 07:36:19 hn proftpd[1336]: 88.198.18.48 (213.133.113.83[213.133.113.83]) - USER andy-test.test.de: Login successful.
/var/log/messages:Mar 4 07:36:20 hn proftpd[1336]: 88.198.18.48 (213.133.113.83[213.133.113.83]) - FTP session closed.
/var/log/messages:Mar 4 07:37:01 hn /USR/SBIN/CRON[1373]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:38:01 hn /USR/SBIN/CRON[1430]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:39:17 hn sshd[1497]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38080 ssh2
/var/log/messages:Mar 4 07:39:56 hn sshd[1497]: Received disconnect from 188.194.69.160: 11: disconnected by user
/var/log/messages:Mar 4 07:41:00 hn sshd[1557]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38081 ssh2
/var/log/messages:Mar 4 07:41:15 hn sshd[1627]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38083 ssh2
/var/log/messages:Mar 4 07:41:20 hn /USR/SBIN/CRON[1667]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:41:28 hn sshd[1557]: Received disconnect from 188.194.69.160: 11: disconnected by user
/var/log/messages:Mar 4 07:43:47 hn sshd[1716]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38089 ssh2
/var/log/messages:Mar 4 07:43:47 hn sshd[1627]: Received disconnect from 188.194.69.160: 11: disconnected by user
/var/log/messages:Mar 4 07:43:47 hn sshd[1733]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38090 ssh2
/var/log/messages:Mar 4 07:43:47 hn sshd[1737]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38091 ssh2
/var/log/messages:Mar 4 07:43:47 hn sshd[1749]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38093 ssh2
/var/log/messages:Mar 4 07:43:47 hn /USR/SBIN/CRON[1787]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:43:47 hn sshd[1803]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38097 ssh2
/var/log/messages:Mar 4 07:43:47 hn /USR/SBIN/CRON[1815]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:43:47 hn proftpd[1820]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - FTP session opened.
/var/log/messages:Mar 4 07:43:47 hn /USR/SBIN/CRON[1830]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:43:47 hn proftpd[1843]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - FTP session opened.
/var/log/messages:Mar 4 07:43:47 hn /USR/SBIN/CRON[1862]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:43:47 hn systemd-logind[515]: New session 940 of user root.
/var/log/messages:Mar 4 07:43:47 hn systemd-logind[515]: Removed session 940.
/var/log/messages:Mar 4 07:43:47 hn systemd-logind[515]: New session 941 of user root.
/var/log/messages:Mar 4 07:43:47 hn systemd-logind[515]: New session 942 of user root.
/var/log/messages:Mar 4 07:43:47 hn systemd-logind[515]: Removed session 941.
/var/log/messages:Mar 4 07:43:47 hn systemd-logind[515]: Removed session 942.
/var/log/messages:Mar 4 07:43:47 hn sshd[1927]: Accepted keyboard-interactive/pam for root from 188.194.69.160 port 38115 ssh2
/var/log/messages:Mar 4 07:43:47 hn proftpd[1820]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - FTP session closed.
/var/log/messages:Mar 4 07:43:47 hn proftpd[1843]: 88.198.18.48 (213.133.113.84[213.133.113.84]) - FTP session closed.
/var/log/messages:Mar 4 07:43:48 hn systemd-logind[515]: New session 948 of user root.
/var/log/messages:Mar 4 07:46:51 hn /USR/SBIN/CRON[2063]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:47:30 hn /USR/SBIN/CRON[2166]: (root) CMD (sh /srv/www/coll.sh)
/var/log/messages:Mar 4 07:47:37 hn /USR/SBIN/CRON[2225]: (root) CMD (sh /srv/www/coll.sh)
Übereinstimmungen in Binärdatei /var/log/journal/590a05ae44da001f586ff6dd0000021d/system.journal.
/var/log/mail.warn:Mar 4 07:34:55 hn spamd[1064]: spamd: bad protocol: header error: (closed before headers)
Das letzt Update ist 2 Tage her (min. einmal pro Woche)
Module laufen beim Tesen einwandfrei (konfiguration muss ich nochmal durchsehen, sollte aber auch passen)
Was aber ist mi WebApps gemeint?

schönen Abend noch
Andy

User avatar
Joe User
Project Manager
Project Manager
Posts: 11137
Joined: 2003-02-27 01:00
Location: Hamburg

Re: Server hängt sich aus nicht findbaren Gründen auf

Post by Joe User »

WebApps sind zum Beispiel Scripte wie Wordpress, Joomla, Mediawiki, Planet, etc.

Ändere bitte mal die Reihenfolge der nameserver Einträge in Deiner /etc/resolv.conf
Die Konfigurationen von fail2ban und spamassassin scheinen ebenfalls fehlerhaft zu sein. fail2ban wird seine eMails nicht los und spamassassin hat Probleme beim Lesen von eMails.
PayPal.Me/JoeUserFreeBSD Remote Installation
Wings for LifeWings for Life World Run

„If there’s more than one possible outcome of a job or task, and one
of those outcomes will result in disaster or an undesirable consequence,
then somebody will do it that way.“ -- Edward Aloysius Murphy Jr.

User avatar
andy-stoltze
Posts: 38
Joined: 2013-01-31 20:12

Re: Server hängt sich aus nicht findbaren Gründen auf

Post by andy-stoltze »

Das ich bei WebApps nicht auf die scripte gekommen bin - peinlich (werd langsam alt)
dir nameservereinträge sind jetzt frisch sortiert. fail2ban bombardiert mich fleißig mit mails und an spamassassin bin ich dran.
bis jetzt ist das problem nicht nochmal aufgetreten.

besten Dank!!!