02-Feb-2011

Maintenance
On Tuesdays I’m always short of time, but luckily, the automated cleanup procedure works fine – though removing the operator logs could well be postponed for a few days…
But despite the still troubling issues with sending a message on the mail statistics, it works fine; the mail stats are in the logfile, so after some processing, I get the data:

PMAS statistics for January
Total messages    :   3142 = 100.0 o/o
DNS Blacklisted   :    426 =  13.5 o/o (Files: 31)
Relay attempts    :   1894 =  60.2 o/o (Files: 31)
Accepted by PMAS  :    822 =  26.1 o/o (Files: 31)
 Handled by explicit rule
        Rejected :    133 =  16.1 o/o (processed),   4.2 o/o (all)
        Accepted :    285 =  34.6 o/o (processed),   9.0 o/o (all)
 Handled by content
       Discarded :     98 =  11.9 o/o (processed),   3.1 o/o (all)
    Quarantained :    282 =  34.3 o/o (processed),   8.9 o/o (all)
       Delivered :     24 =   2.9 o/o (processed),    .7 o/o (all)

Relay attempts have been massive for one day (06-jan-2011), leaving a logfile over 150 blocks, lowered to half the amount on 11, 12, 14 and 24, the rest is far lower. But nevertheless, it has occurred all over the month.
There has been a drop in spam messages since last year, but it looks like the bots are gradually picking up again. The number of quarantined messages increases – the number of discarded messages is still a lot lower – but that may find the reason in more specific rules, these should be shown in the number of messages rejected – but I will have to dig the logfiles to get the right perspective. Perhaps these aren’t even logged, or counted?
It’s also possible that blocking particular subnets in the router – completely – contributes to lower levels of spam and other abuse. Of course, there are still thoughts of Diana being a poorly secured Windows box; as is shown in the latest FTP log:
%TCPIP-E-FTP_LOGFAL, remote interactive login failure Administrator
-TCPIP-I-FTP_NODE, client host name: 59-120-34-162.HINET-IP.hinet.net
-LOGIN-F-NOSUCHUSER, no such user

These do occur occasionally.
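To see how often and from where such failures arrive, the three-line records can be grouped and tallied. This is an added example, not part of the original post or of the TCP/IP Services software; the function names, the example.net host and the second user name are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the excerpt above; only the first record is
# from the post, the example.net host and the "root" attempt are made up.
SAMPLE_LOG = """\
%TCPIP-E-FTP_LOGFAL, remote interactive login failure Administrator
-TCPIP-I-FTP_NODE, client host name: 59-120-34-162.HINET-IP.hinet.net
-LOGIN-F-NOSUCHUSER, no such user
%TCPIP-E-FTP_LOGFAL, remote interactive login failure Administrator
-TCPIP-I-FTP_NODE, client host name: host-a.example.net
-LOGIN-F-NOSUCHUSER, no such user
%TCPIP-E-FTP_LOGFAL, remote interactive login failure root
-TCPIP-I-FTP_NODE, client host name: host-a.example.net
-LOGIN-F-NOSUCHUSER, no such user
"""

# Message layout: <prefix>FACILITY-SEVERITY-IDENT, text ("%" opens a record, "-" continues it)
MSG = re.compile(r"^([%-])([A-Z0-9_$]+)-([A-Z])-([A-Z0-9_$]+), (.*)$")

def parse_records(text):  # returns a list of records, each a list of message dicts
    records = []
    for line in text.splitlines():
        m = MSG.match(line.strip())
        if not m:
            continue  # skip blank lines and anything that is not a message line
        prefix, facility, _sev, ident, body = m.groups()
        msg = {"facility": facility, "ident": ident, "text": body}
        if prefix == "%":
            records.append([msg])
        elif records:
            records[-1].append(msg)
    return records

def failed_logins(records):  # one (user, host, reason) tuple per FTP_LOGFAL record
    events = []
    for head, *rest in records:
        if head["ident"] != "FTP_LOGFAL":
            continue
        user = head["text"].rsplit(" ", 1)[-1]
        host = next((m["text"].split(": ", 1)[-1] for m in rest if m["ident"] == "FTP_NODE"), None)
        reason = next((m["ident"] for m in rest if m["facility"] == "LOGIN"), None)
        events.append((user, host, reason))
    return events

def tally(events):  # (failures per client host, failures per attempted user name)
    return Counter(h for _, h, _ in events), Counter(u for u, _, _ in events)

if __name__ == "__main__":
    print(tally(failed_logins(parse_records(SAMPLE_LOG))))
```

A host that shows up under several user names, or a steady stream of `Administrator` and similar names with `NOSUCHUSER`, points at automated guessing and is a candidate for the same router-level blocking mentioned above.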
Same on the weblogs – again: trying to break into well-known holes: /post contact.php, though far less than before; unsecured packages (attempting to use SETUP or CONFIG – hazardous if not deleted – as suggested in the manuals…)
No more DoS?
After I have explicitly disabled ALL access from a few networks, there has been just a single alert of DoS services by trace_rt floodsm, but I still have to check the router logs to see if these attempts continue. In the last one – created yesterday – there was no mention of blocked requests, so it may have stopped – for now.
And since my son has stopped downloading on a large scale (it took him too long, probably, or he got what he wanted) the growth rate is more normal.
Developments
Development of the blog program has stalled because of a backlog in processing content – images, that is, and a lot of work aside the data center; I have to put my thoughts elsewhere for employability’s sake. Doing Java – or similar. Not exactly my kind of environment, but one has to adapt to the bad things in life, at times…
Well, it opens new thoughts as well: What a joy it would be to use Java as a programming environment, but translate the final product into object files and link them together into a VMS executable? If well done, it could “green” a virtualized environment even more: Less memory and less CPU power needed…
