Message-ID: <4E4E7AC1.5000904@msen.com>
Date: Fri, 19 Aug 2011 11:01:21 -0400
From: Mark Moellering
To: FreeBSD
Subject: My server is under attack (I think)

I keep seeing a flood of messages when I run dmesg -a that look like this:

mail sshd[1831]: warning: /etc/hosts.allow, line 2: can't verify hostname: getaddrinfo(ip223.hichina.com, AF_INET) failed

Is there anything I should be doing to make sure the server isn't compromised?
It is a mail server running postfix / dovecot. I have pf set up and am also running a program called sshguard.

I am kind of at a loss. It looks like I am under attack but I don't know what to do about it. Any help is greatly appreciated.

Thanks in advance,

Mark Moellering
mark@msen.com