I have a small vps with 4 users.
Two different accounts report having problems with outlook (one has many account authentication failures daily from his office but not all of the time)
I've been tossing this into the "end-user-outlook config problem bucket".
So I investigated further.
Upon investigation of various log files inside "var/log" I found things that I don't understand. Some things might be normal but I'm not sure.
EXIM_MAINLOG: (actual usernames and ips are replaced)
I thought this was a wrong password entered but he claims its always correct:
2011-11-15 13:23:38 dovecot_login authenticator failed for (fredpc) [123.456.789.123]: 535 Incorrect authentication data (set_id=fred@hisdomain.com)
2011-11-15 13:23:41 no host name found for IP address 123.456.789.123
Immediately followed by this line. ( what would this mean?)
I see several of these error entries for him daily.
The exim_rejectlog has many entries for this guy each day as well.
I also see several of these daily in the exim_mainlog.
H=(fredPC) [123.456.789.123] Warning: Sender rate 1.0 / 1h
MESSAGE:
This is unrelated but when I looked at the 'message' log file in var/log I found a ton of this activity all day long and ever day.
What is this?
Nov 7 21:39:33 host pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Nov 7 22:39:34 host pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__mCHsUBn7kz2u4FDuMEOg1_wgmTDgrC_eiFV_buItU4Jo1cVKqZIhXcnk2guLmfIJ is now logged in
Nov 7 22:39:34 host pure-ftpd: (__cpanel__service__auth__ftpd__mCHsUBn7kz2u4FDuMEOg1_wgmTDgrC_eiFV_buItU4Jo1cVKqZIhXcnk2guLmfIJ@127.0.0.1) [INFO] Logout.
Nov 7 21:42:10 host named[1596]: network unreachable resolving '105.111.55.65.in-addr.arpa/PTR/IN': 2001:500:87::87#53
With tons of "network unreachable entries usually following the login.
What is logging in?
I'm the only one who logs into the server and I use ssh.
Is my machine spitting out spam?
Nov 13 21:53:22 host pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Nov 13 22:53:23 host pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__d2LIjJx8kcywrrjc6MQSlnstu2MaqlM9HYheSgjt8pQ5ehkFXHb6QoCUw6fac3XD is now logged in
Nov 13 22:53:23 host pure-ftpd: (__cpanel__service__auth__ftpd__d2LIjJx8kcywrrjc6MQSlnstu2MaqlM9HYheSgjt8pQ5ehkFXHb6QoCUw6fac3XD@127.0.0.1) [INFO] Logout.
Nov 13 21:54:31 host kernel: Firewall: *UDP_IN Blocked* IN=venet0 OUT= MAC= SRC=46.105.119.72 DST=204.197.242.164 LEN=445 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=5092 DPT=5060 LEN=425
Nov 13 21:54:32 host kernel: Firewall: *UDP_IN Blocked* IN=venet0 OUT= MAC= SRC=46.105.119.72 DST=204.197.243.164 LEN=445 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=5092 DPT=5060 LEN=425
Nov 13 21:54:35 host named[1596]: network unreachable resolving '72.119.105.46.in-addr.arpa/PTR/IN': 2001:500:2e::1#53
Nov 13 21:54:35 host named[1596]: network unreachable resolving 'dns18.ovh.net/A/IN': 2001:41d0:1:4a86::1#53
Nov 13 21:54:35 host named[1596]: network unreachable resolving 'dns18.ovh.net/A/IN': 2001:41d0:1:4a82::1#53
Nov 13 21:54:35 host named[1596]: network unreachable resolving 'dns18.ovh.net/A/IN': 2001:41d0:1:1986::1#53
Nov 13 21:54:35 host named[1596]: network unreachable resolving 'dns18.ovh.net/AAAA/IN': 2001:41d0:1:1986::1#53
Nov 13 21:54:35 host named[1596]: network unreachable resolving 'dns18.ovh.net/A/IN': 2001:41d0:1:1983::1#53
Nov 13 21:54:35 host named[1596]: network unreachable resolving 'dns18.ovh.net/AAAA/IN': 2001:41d0:1:1983::1#53
Any suggestions on a good program to use for log file viewing/inspection.
Should get someone to inspect the vps?
Rob
Two different accounts report having problems with outlook (one has many account authentication failures daily from his office but not all of the time)
I've been tossing this into the "end-user-outlook config problem bucket".
So I investigated further.
Upon investigation of various log files inside "var/log" I found things that I don't understand. Some things might be normal but I'm not sure.
EXIM_MAINLOG: (actual usernames and ips are replaced)
I thought this was a wrong password entered but he claims its always correct:
2011-11-15 13:23:38 dovecot_login authenticator failed for (fredpc) [123.456.789.123]: 535 Incorrect authentication data (set_id=fred@hisdomain.com)
2011-11-15 13:23:41 no host name found for IP address 123.456.789.123
Immediately followed by this line. ( what would this mean?)
I see several of these error entries for him daily.
The exim_rejectlog has many entries for this guy each day as well.
I also see several of these daily in the exim_mainlog.
H=(fredPC) [123.456.789.123] Warning: Sender rate 1.0 / 1h
MESSAGE:
This is unrelated but when I looked at the 'message' log file in var/log I found a ton of this activity all day long and ever day.
What is this?
Nov 7 21:39:33 host pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Nov 7 22:39:34 host pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__mCHsUBn7kz2u4FDuMEOg1_wgmTDgrC_eiFV_buItU4Jo1cVKqZIhXcnk2guLmfIJ is now logged in
Nov 7 22:39:34 host pure-ftpd: (__cpanel__service__auth__ftpd__mCHsUBn7kz2u4FDuMEOg1_wgmTDgrC_eiFV_buItU4Jo1cVKqZIhXcnk2guLmfIJ@127.0.0.1) [INFO] Logout.
Nov 7 21:42:10 host named[1596]: network unreachable resolving '105.111.55.65.in-addr.arpa/PTR/IN': 2001:500:87::87#53
With tons of "network unreachable entries usually following the login.
What is logging in?
I'm the only one who logs into the server and I use ssh.
Is my machine spitting out spam?
Nov 13 21:53:22 host pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Nov 13 22:53:23 host pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__d2LIjJx8kcywrrjc6MQSlnstu2MaqlM9HYheSgjt8pQ5ehkFXHb6QoCUw6fac3XD is now logged in
Nov 13 22:53:23 host pure-ftpd: (__cpanel__service__auth__ftpd__d2LIjJx8kcywrrjc6MQSlnstu2MaqlM9HYheSgjt8pQ5ehkFXHb6QoCUw6fac3XD@127.0.0.1) [INFO] Logout.
Nov 13 21:54:31 host kernel: Firewall: *UDP_IN Blocked* IN=venet0 OUT= MAC= SRC=46.105.119.72 DST=204.197.242.164 LEN=445 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=5092 DPT=5060 LEN=425
Nov 13 21:54:32 host kernel: Firewall: *UDP_IN Blocked* IN=venet0 OUT= MAC= SRC=46.105.119.72 DST=204.197.243.164 LEN=445 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=5092 DPT=5060 LEN=425
Nov 13 21:54:35 host named[1596]: network unreachable resolving '72.119.105.46.in-addr.arpa/PTR/IN': 2001:500:2e::1#53
Nov 13 21:54:35 host named[1596]: network unreachable resolving 'dns18.ovh.net/A/IN': 2001:41d0:1:4a86::1#53
Nov 13 21:54:35 host named[1596]: network unreachable resolving 'dns18.ovh.net/A/IN': 2001:41d0:1:4a82::1#53
Nov 13 21:54:35 host named[1596]: network unreachable resolving 'dns18.ovh.net/A/IN': 2001:41d0:1:1986::1#53
Nov 13 21:54:35 host named[1596]: network unreachable resolving 'dns18.ovh.net/AAAA/IN': 2001:41d0:1:1986::1#53
Nov 13 21:54:35 host named[1596]: network unreachable resolving 'dns18.ovh.net/A/IN': 2001:41d0:1:1983::1#53
Nov 13 21:54:35 host named[1596]: network unreachable resolving 'dns18.ovh.net/AAAA/IN': 2001:41d0:1:1983::1#53
Any suggestions on a good program to use for log file viewing/inspection.
Should get someone to inspect the vps?
Rob