outlook email problems and log file entries

Discussion in 'Linux VPS/Dedicated - General' started by rjs, Nov 21, 2011.

  1. rjs

    rjs New Member

    I have a small vps with 4 users.
    Two different accounts report having problems with outlook (one has many account authentication failures daily from his office but not all of the time)
    I've been tossing this into the "end-user-outlook config problem bucket".

    So I investigated further.
    Upon investigation of various log files inside "var/log" I found things that I don't understand. Some things might be normal but I'm not sure.


    EXIM_MAINLOG: (actual usernames and ips are replaced)

    I thought this was a wrong password entered but he claims its always correct:
    2011-11-15 13:23:38 dovecot_login authenticator failed for (fredpc) [123.456.789.123]: 535 Incorrect authentication data ([email protected])
    2011-11-15 13:23:41 no host name found for IP address 123.456.789.123
    Immediately followed by this line. ( what would this mean?)

    I see several of these error entries for him daily.
    The exim_rejectlog has many entries for this guy each day as well.

    I also see several of these daily in the exim_mainlog.
    H=(fredPC) [123.456.789.123] Warning: Sender rate 1.0 / 1h



    MESSAGE:
    This is unrelated but when I looked at the 'message' log file in var/log I found a ton of this activity all day long and ever day.
    What is this?

    Nov 7 21:39:33 host pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
    Nov 7 22:39:34 host pure-ftpd: ([email protected]) [INFO] __cpanel__service__auth__ftpd__mCHsUBn7kz2u4FDuMEOg1_wgmTDgrC_eiFV_buItU4Jo1cVKqZIhXcnk2guLmfIJ is now logged in
    Nov 7 22:39:34 host pure-ftpd: (__cpanel__service__auth__ftpd__mCHsUBn7kz2u4FDuMEOg1_wgmTDgrC_eiF[email protected]) [INFO] Logout.
    Nov 7 21:42:10 host named[1596]: network unreachable resolving '105.111.55.65.in-addr.arpa/PTR/IN': 2001:500:87::87#53

    With tons of "network unreachable entries usually following the login.
    What is logging in?
    I'm the only one who logs into the server and I use ssh.
    Is my machine spitting out spam?

    Nov 13 21:53:22 host pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
    Nov 13 22:53:23 host pure-ftpd: ([email protected]) [INFO] __cpanel__service__auth__ftpd__d2LIjJx8kcywrrjc6MQSlnstu2MaqlM9HYheSgjt8pQ5ehkFXHb6QoCUw6fac3XD is now logged in
    Nov 13 22:53:23 host pure-ftpd: (__cpanel__service__auth__ftpd__d2LIjJx8kcywrrjc6MQSlnstu2MaqlM9HY[email protected]) [INFO] Logout.
    Nov 13 21:54:31 host kernel: Firewall: *UDP_IN Blocked* IN=venet0 OUT= MAC= SRC=46.105.119.72 DST=204.197.242.164 LEN=445 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=5092 DPT=5060 LEN=425
    Nov 13 21:54:32 host kernel: Firewall: *UDP_IN Blocked* IN=venet0 OUT= MAC= SRC=46.105.119.72 DST=204.197.243.164 LEN=445 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=5092 DPT=5060 LEN=425
    Nov 13 21:54:35 host named[1596]: network unreachable resolving '72.119.105.46.in-addr.arpa/PTR/IN': 2001:500:2e::1#53
    Nov 13 21:54:35 host named[1596]: network unreachable resolving 'dns18.ovh.net/A/IN': 2001:41d0:1:4a86::1#53
    Nov 13 21:54:35 host named[1596]: network unreachable resolving 'dns18.ovh.net/A/IN': 2001:41d0:1:4a82::1#53
    Nov 13 21:54:35 host named[1596]: network unreachable resolving 'dns18.ovh.net/A/IN': 2001:41d0:1:1986::1#53
    Nov 13 21:54:35 host named[1596]: network unreachable resolving 'dns18.ovh.net/AAAA/IN': 2001:41d0:1:1986::1#53
    Nov 13 21:54:35 host named[1596]: network unreachable resolving 'dns18.ovh.net/A/IN': 2001:41d0:1:1983::1#53
    Nov 13 21:54:35 host named[1596]: network unreachable resolving 'dns18.ovh.net/AAAA/IN': 2001:41d0:1:1983::1#53



    Any suggestions on a good program to use for log file viewing/inspection.
    Should get someone to inspect the vps?

    Rob
     
  2. rjs

    rjs New Member

    KH tech support said all is ok.
     

Share This Page