Postfix
郵件伺服器記憶體緩衝區錯誤
有時,我的郵件伺服器會停止發送任何新郵件。發生這種情況時,我發現以下錯誤日誌,
Jun 22 23:10:18 myserver saslauthd[3967]: DEBUG: auth_pam: pam_authenticate failed: Memory buffer error Jun 22 23:10:18 myserver saslauthd[3971]: DEBUG: auth_pam: pam_authenticate failed: Memory buffer error Jun 22 23:10:19 myserver saslauthd[3972]: DEBUG: auth_pam: pam_authenticate failed: Memory buffer error Jun 22 23:10:19 myserver saslauthd[3968]: DEBUG: auth_pam: pam_authenticate failed: Memory buffer error Jun 22 23:10:20 myserver saslauthd[3969]: DEBUG: auth_pam: pam_authenticate failed: Memory buffer error Jun 22 23:10:20 myserver saslauthd[3967]: DEBUG: auth_pam: pam_authenticate failed: Memory buffer error Jun 22 23:10:21 myserver saslauthd[3971]: DEBUG: auth_pam: pam_authenticate failed: Memory buffer error Jun 22 23:10:21 myserver saslauthd[3972]: DEBUG: auth_pam: pam_authenticate failed: Memory buffer error Jun 22 23:10:22 myserver saslauthd[3971]: DEBUG: auth_pam: pam_authenticate failed: Memory buffer error
每次我必須重新啟動伺服器才能再次正常工作。
我也總是從未知的 IP 地址中找到以下重複錯誤日誌(我不確定它是否相關):
Jun 21 06:48:43 myserver sshd[1687]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=************ user=root Jun 21 06:48:45 myserver sshd[1708]: Failed password for root from ######## port 60021 ssh2 Jun 21 06:48:47 myserver sshd[1708]: Failed password for root from ######## port 60021 ssh2 Jun 21 06:48:47 myserver sshd[1708]: Received disconnect from #######: 11: [preauth] Jun 21 06:48:47 myserver sshd[1708]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=************ user=root Jun 21 06:48:47 myserver sshd[1730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=************ user=root Jun 21 06:48:48 myserver sshd[1732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost============= user=root Jun 21 06:48:48 myserver sshd[1730]: Failed password for root from ************ port 60094 ssh2 Jun 21 06:48:50 myserver sshd[1732]: Failed password for root from ============ port 40613 ssh2 Jun 21 06:48:50 myserver sshd[1730]: Failed password for root from ************ port 60094 ssh2 Jun 21 06:48:50 myserver sshd[1734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=************ user=root Jun 21 06:48:52 myserver sshd[1736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=************ user=root Jun 21 06:48:52 myserver sshd[1732]: Failed password for root from ============ port 40613 ssh2 Jun 21 06:48:52 myserver sshd[1730]: Failed password for root from ************ port 60094 ssh2 Jun 21 06:48:52 myserver sshd[1730]: Received disconnect from ***********: 11: [preauth] Jun 21 06:48:52 myserver sshd[1730]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=*********** user=root Jun 21 06:48:52 myserver sshd[1734]: Failed password for root from ######## port 47803 ssh2 Jun 21 06:48:54 myserver sshd[1736]: Failed password for root from ######## port 55371 ssh2 Jun 21 06:48:54 myserver sshd[1732]: Failed password for root from ============ port 40613 ssh2
感謝該文章的回答: https ://askubuntu.com/questions/645036/mail-server-memory-buffer-error
根據https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758660 saslauthd 在一定數量的登錄(成功和/或失敗)後停止執行。
您不需要重新啟動整個伺服器,以下就足夠了:
service saslauthd restart
您可以將其放入 crontab 中。
如果大量登錄來自相同的惡意 IP,您可以在防火牆中丟棄來自該 IP 的請求以使 saslauthd 持續更長時間,例如 iptables -A INPUT -s 185.29.11.6 -j DROP