A large number of Netfilter warnings are received in the background, the 1.2G virtual memory of vps is full, and the physical memory is only 200M left,disk space is full , can not send mail,while i run
cd /opt/mailcow-dockerized/
systemctl restart docker
docker-compose down
docker-compose up -d
All problems are gone, what’s the reason?
A large number of such Netfilter warnings were generated from July 5th to yesterday, and I chose to post some of them:
mailcow in-memory logs are collected in Redis lists and trimmed to LOG_LINES (10000) every minute to reduce hammering.
In-memory logs are not meant to be persistent. All applications that log in-memory, also log to the Docker daemon and therefore to the default logging driver.
The in-memory log type should be used for debugging minor issues with containers.
External logs are collected via API of the given application.
Static logs are mostly activity logs, that are not logged to the Dockerd but still need to be persistent (except for API logs).
Netfilter 1000
Search
«
‹
...
1
2
3
4
5
...
›
»
1 of 20
8/10/2020, 10:59:30 PM warn 8 more attempts in the next 600 seconds until 172.68.174.65/32 is banned
8/10/2020, 10:59:30 PM warn 172.68.174.65 matched rule id 4 ([72]: SOGoRootPage Login from '172.68.174.65' for user 'onj0ir4bj@dsfsferw.com' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0)
8/10/2020, 10:59:04 PM warn 9 more attempts in the next 600 seconds until 172.68.174.65/32 is banned
8/10/2020, 10:59:04 PM warn 172.68.174.65 matched rule id 4 ([72]: SOGoRootPage Login from '172.68.174.65' for user 'onj0ir4bj@dsfsferw.com' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0)
8/10/2020, 10:42:29 PM warn 8 more attempts in the next 600 seconds until 172.69.34.191/32 is banned
8/10/2020, 10:42:29 PM warn 172.69.34.191 matched rule id 6 ([72]: 172.69.34.191 "GET /SOGo/so/anonymous/Mail HTTP/1.0" 403 243/0 0.005 - - 0)
8/10/2020, 10:41:48 PM warn 9 more attempts in the next 600 seconds until 172.69.34.191/32 is banned
8/10/2020, 10:41:48 PM warn 172.69.34.191 matched rule id 6 ([72]: 172.69.34.191 "GET /SOGo/so/anonymous/Mail HTTP/1.0" 403 243/0 0.004 - - 0)
8/10/2020, 3:12:25 PM info Watching Redis channel F2B_CHANNEL
8/10/2020, 3:12:25 PM info Clearing all bans
8/10/2020, 6:55:32 AM warn 9 more attempts in the next 600 seconds until 172.68.132.118/32 is banned
8/10/2020, 6:55:32 AM warn 172.68.132.118 matched rule id 6 ([29993]: 172.68.132.118 "GET /SOGo/so/anonymous/Mail HTTP/1.0" 403 243/0 0.004 - - 0)
8/10/2020, 12:30:35 AM warn 9 more attempts in the next 600 seconds until 162.158.62.138/32 is banned
8/10/2020, 12:30:35 AM warn 162.158.62.138 matched rule id 6 ([29993]: 162.158.62.138 "GET /SOGo/so/anonymous/Mail HTTP/1.0" 403 243/0 0.004 - - 0)
8/9/2020, 12:08:26 PM warn 9 more attempts in the next 600 seconds until 172.69.68.208/32 is banned
8/9/2020, 12:08:26 PM warn 172.69.68.208 matched rule id 6 ([29993]: 172.69.68.208 "GET /SOGo/so/anonymous/Mail HTTP/1.0" 403 243/0 0.004 - - 0)
8/9/2020, 12:01:03 PM warn 9 more attempts in the next 600 seconds until 172.69.69.11/32 is banned
8/9/2020, 12:01:03 PM warn 172.69.69.11 matched rule id 6 ([28966]: 172.69.69.11 "GET /SOGo/so/anonymous/Mail HTTP/1.0" 403 243/0 0.046 - - -916K)
8/9/2020, 9:35:02 AM warn 9 more attempts in the next 600 seconds until 172.68.174.135/32 is banned
8/9/2020, 9:35:02 AM warn 172.68.174.135 matched rule id 4 ([28966]: SOGoRootPage Login from '172.68.174.135' for user 'https://drive.google.com/open?id=1nKsMOzG26RMCyUzvKP8QB_97pkBKA0JH' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0)
8/9/2020, 7:57:29 AM warn 9 more attempts in the next 600 seconds until 172.68.174.135/32 is banned
8/9/2020, 7:57:29 AM warn 172.68.174.135 matched rule id 4 ([29993]: SOGoRootPage Login from '172.68.174.135' for user 'rbro4n4t1@dsfsferw.com' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0)
8/9/2020, 2:02:10 AM warn 9 more attempts in the next 600 seconds until 172.69.70.138/32 is banned
8/9/2020, 2:02:10 AM warn 172.69.70.138 matched rule id 4 ([18174]: SOGoRootPage Login from '172.69.70.138' for user 'etkjr0ktr@dsfsferw.com' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0)
8/9/2020, 2:00:43 AM warn 9 more attempts in the next 600 seconds until 172.69.70.234/32 is banned
8/9/2020, 2:00:43 AM warn 172.69.70.234 matched rule id 4 ([18174]: SOGoRootPage Login from '172.69.70.234' for user 'etkjr0ktr@dsfsferw.com' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0)
8/9/2020, 1:30:51 AM warn 9 more attempts in the next 600 seconds until 162.158.89.32/32 is banned
8/9/2020, 1:30:51 AM warn 162.158.89.32 matched rule id 4 ([6614]: SOGoRootPage Login from '162.158.89.32' for user 'etkjr0ktr@dsfsferw.com' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0)
8/8/2020, 11:17:44 PM warn 7 more attempts in the next 600 seconds until 162.158.106.7/32 is banned
8/8/2020, 11:17:44 PM warn 162.158.106.7 matched rule id 6 ([18174]: 162.158.106.7 "GET /SOGo/so/anonymous/Mail HTTP/1.0" 403 243/0 0.003 - - 0)
8/8/2020, 11:17:18 PM warn 8 more attempts in the next 600 seconds until 162.158.106.7/32 is banned
8/8/2020, 11:17:18 PM warn 162.158.106.7 matched rule id 6 ([18174]: 162.158.106.7 "GET /SOGo/so/anonymous/Mail HTTP/1.0" 403 243/0 0.035 - - 2M)
8/8/2020, 11:17:09 PM warn 9 more attempts in the next 600 seconds until 162.158.106.7/32 is banned
8/8/2020, 11:17:09 PM warn 162.158.106.7 matched rule id 6 ([18174]: 162.158.106.7 "GET /SOGo/so/anonymous/Mail HTTP/1.0" 403 243/0 0.006 - - 0)
8/8/2020, 3:29:15 PM warn 7 more attempts in the next 600 seconds until 172.69.70.138/32 is banned
8/8/2020, 3:29:15 PM warn 172.69.70.138 matched rule id 6 ([18174]: 172.69.70.138 "GET /SOGo/so/anonymous/Mail HTTP/1.0" 403 243/0 0.004 - - 0)
8/8/2020, 3:28:51 PM warn 8 more attempts in the next 600 seconds until 172.69.70.138/32 is banned
8/8/2020, 3:28:51 PM warn 172.69.70.138 matched rule id 6 ([18174]: 172.69.70.138 "GET /SOGo/so/anonymous/Mail HTTP/1.0" 403 243/0 0.003 - - 0)
8/8/2020, 3:28:44 PM warn 9 more attempts in the next 600 seconds until 172.69.70.138/32 is banned
8/8/2020, 3:28:44 PM warn 172.69.70.138 matched rule id 6 ([18174]: 172.69.70.138 "GET /SOGo/so/anonymous/Mail HTTP/1.0" 403 243/0 0.004 - - 0)
8/8/2020, 3:28:33 PM warn 7 more attempts in the next 600 seconds until 172.69.70.234/32 is banned
8/8/2020, 3:28:33 PM warn 172.69.70.234 matched rule id 6 ([18174]: 172.69.70.234 "GET /SOGo/so/anonymous/Mail HTTP/1.0" 403 243/0 0.004 - - 0)
8/8/2020, 3:28:23 PM warn 8 more attempts in the next 600 seconds until 172.69.70.234/32 is banned
8/8/2020, 3:28:23 PM warn 172.69.70.234 matched rule id 6 ([18174]: 172.69.70.234 "GET /SOGo/so/anonymous/Mail HTTP/1.0" 403 243/0 0.004 - - 0)
8/8/2020, 3:28:15 PM warn 9 more attempts in the next 600 seconds until 172.69.70.234/32 is banned
8/8/2020, 3:28:15 PM warn 172.69.70.234 matched rule id 6 ([18174]: 172.69.70.234 "GET /SOGo/so/anonymous/Mail HTTP/1.0" 403 243/0 0.007 - - 0)
8/8/2020, 3:09:42 PM warn 7 more attempts in the next 600 seconds until 172.69.68.208/32 is banned
8/8/2020, 3:09:42 PM warn 172.69.68.208 matched rule id 6 ([29993]: 172.69.68.208 "GET /SOGo/so/anonymous/Mail HTTP/1.0" 403 243/0 0.044 - - 2M)
8/8/2020, 3:09:42 PM warn 8 more attempts in the next 600 seconds until 172.69.68.208/32 is banned
8/8/2020, 3:09:42 PM warn 172.69.68.208 matched rule id 6 ([30638]: 172.69.68.208 "GET /SOGo/so/anonymous/Mail HTTP/1.0" 403 243/0 0.048 - - 2M)