Current time: 10-05-2022, 08:05 PM Hello There, Guest! (LoginRegister)


Post Reply 
Problem postfix...
Author Message
santerref Offline
Junior Member
*

Posts: 62
Joined: Apr 2008
Reputation: 0
Post: #1
Problem postfix...
Hello, logwatch sends me the log by email... And in the postfix section there is many things that i do not understand and I want to know if there is risk or problem with these log (because there is ip from many country) :

Quote: --------------------- postfix Begin ------------------------



288925 bytes transferred
67 messages sent
67 messages removed from queue

Top ten local senders:
54 messages sent by:
webmaster@manager.h3berg.com (uid=2000):
8 messages sent by:
root (uid=0):


SASL Authentication failed from:
114-44-147-88.dynamic.hinet.net[114.44.147.88] : 40 Time(s)


Local Bounce:
To ovh@ks365184.kimsufi.com Msg="unknown user: "ovh"" : 4 Time(s)
To webmaster@manager.h3berg.com Msg="mail for manager.h3berg.com loops back to myself" : 2 Time(s)


Foreign Bounce:
To no-reply@h3berg.com Msg="unknown user: "no-reply@h3berg.com"" : 2 Time(s)


Too many errors in SMTP commands dialog:
After command AUTH:
114-44-147-88.dynamic.hinet.net[114.44.147.88] : 2 Time(s)


Connections lost:
Connection lost while CONNECT : 6 Time(s)
Connection lost while HELO : 2 Time(s)
Connection lost while RCPT : 14 Time(s)


Errors in HELO/EHLO conversation:
Helo command rejected: need fully-qualified hostname:
114-44-40-179.dynamic.hinet.net[114.44.40.179] : 2 Time(s)
118-165-90-59.dynamic.hinet.net[118.165.90.59] : 2 Time(s)
118-167-128-232.dynamic.hinet.net[118.167.128.232] : 2 Time(s)
118-167-131-211.dynamic.hinet.net[118.167.131.211] : 2 Time(s)
118-168-105-58.dynamic.hinet.net[118.168.105.58] : 2 Time(s)
118-168-107-79.dynamic.hinet.net[118.168.107.79] : 2 Time(s)
123-204-26-173.dynamic.seed.net.tw[123.204.26.173] : 2 Time(s)


Unrecognized warning:
SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory : 80 Time(s)

---------------------- postfix End -------------------------

What are they trying to do?
12-26-2008 05:11 AM
Find all posts by this user Quote this message in a reply
rbtux Offline
Moderator
*****
Moderators

Posts: 1,847
Joined: Feb 2007
Reputation: 33
Post: #2
RE: Problem postfix...
(12-26-2008 05:11 AM)santerref Wrote:  What are they trying to do?

What do you expect? they trying to send spam...


I would recommend you to block all mails received from clients of seed and hinet (or others...) using a pcre client_access_check map.
12-28-2008 06:27 AM
Visit this user's website Find all posts by this user Quote this message in a reply
santerref Offline
Junior Member
*

Posts: 62
Joined: Apr 2008
Reputation: 0
Post: #3
RE: Problem postfix...
I don't really understand your answer? But the courrier section is strange or not i don't know can you tell me if it's ok ?

Quote:Connections: 1938 Times
Protocol IMAP - 948 Times
Host 127.0.0.1 - 948 Times

Protocol POP3 - 990 Times
Host 127.0.0.1 - 948 Times
Host 129.125.17.240 - 2 Times
Host 193.34.91.45 - 4 Times
Host 195.137.40.160 - 2 Times
Host 208.73.226.242 - 4 Times
Host 209.222.49.70 - 4 Times
Host 217.77.46.49 - 4 Times
Host 62.193.225.236 - 2 Times
Host 62.193.228.72 - 2 Times
Host 62.193.229.149 - 2 Times
Host 62.193.248.174 - 2 Times
Host 62.193.249.19 - 4 Times
Host 80.153.111.205 - 8 Times
Host 84.19.174.110 - 2 Times



**Unmatched Entries**
courierpop3login - 1938 Times
Disconnected, ip=[::ffff:127.0.0.1] - 948 Times
Disconnected, ip=[::ffff:129.125.17.240] - 2 Times
Disconnected, ip=[::ffff:193.34.91.45] - 4 Times
Disconnected, ip=[::ffff:195.137.40.160] - 2 Times
Disconnected, ip=[::ffff:208.73.226.242] - 4 Times
Disconnected, ip=[::ffff:209.222.49.70] - 4 Times
Disconnected, ip=[::ffff:217.77.46.49] - 4 Times
Disconnected, ip=[::ffff:62.193.225.236] - 2 Times
Disconnected, ip=[::ffff:62.193.228.72] - 2 Times
Disconnected, ip=[::ffff:62.193.229.149] - 2 Times
Disconnected, ip=[::ffff:62.193.248.174] - 2 Times
Disconnected, ip=[::ffff:62.193.249.19] - 4 Times
Disconnected, ip=[::ffff:80.153.111.205] - 8 Times
Disconnected, ip=[::ffff:84.19.174.110] - 2 Times
LOGOUT, ip=[::ffff:127.0.0.1] - 948 Times

for now, we don't use the email tools (we never send email and we never received mail too so Sad )
12-28-2008 08:49 AM
Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)