01-May-2008

Mail statistics for April

Total messages    : 4150 = 100.0 o/o
DNS Blacklisted   : 2991 =  72.0 o/o (Files: 30)
Relay attempts    :   50 =   1.2 o/o (Files: 23)
Processed by PMAS : 1109 =  26.7 o/o (Files: 30)
        Discarded :  361 =  32.5 o/o (processed),   8.6 o/o (all)
     Quarantained :  456 =  41.1 o/o (processed),  10.9 o/o (all)
        Delivered :  292 =  26.3 o/o (processed),   7.0 o/o (all)

8 slipped the filter and were rejected by the SMTP itself, and only one survived and showed up. No unexpected false negatives – there were a few but these were new subscriptions and these could be expected.

As usual, logfiles have been archived.

Checking the logs
In the webserver logs, last week's log contained 235 lines (out of 5750) containing “rejected requests” – locations that are probed and do not exist, exploiting product weaknesses. There have been just two attempts to test if the system could be breached or abused over PHP code. Otherwise the same w00tw00t rubble and proxy links that usually show up.

I also checked login failures that I cannot explain. That is: I know when I ran into exhausted passwords, and most of these come from the local network and these can be ignored. This is the ANALYZE/AUDIT output, I left out the lines I can explain. Most of the ones I found in the webserver and FTP logs already.

Nothing new. Using usernames like “Administrator” (which won’t work anyway because it’s over 12 characters in size) shows the expected target machine. No way, of course. And systems where “Oracle”, “Postgres” or “Mysql” can hardly be taken seriously. Can they? (If so, that sysadmin needs at least an education in basic security before he’s allowed to access the system again – if at all)
