View Single Post
  #10  
Old 9th January 2008, 21:01
DaRKNeSS666NL DaRKNeSS666NL is offline
Senior Member
 
Join Date: Nov 2006
Posts: 208
Thanks: 17
Thanked 5 Times in 4 Posts
Default

Here it is I Have noticed 2 warnings One from clamav that its outdated and needs to update.

And the most related one I think are the last few lines. If I read correctly the mail server sees all the email as dangerous or unknown and removes them.

Code:
Jan  9 19:27:27 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan  9 19:27:27 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1]
Jan  9 19:27:27 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan  9 19:27:27 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan  9 19:27:27 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1]
Jan  9 19:27:27 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan  9 19:27:27 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan  9 19:27:27 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1]
Jan  9 19:27:27 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan  9 21:24:23 dcs-server courierpop3login: Connection, ip=[::ffff:84.198.59.205]
Jan  9 21:24:23 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_toon, ip=[::ffff:84.198.59.205]
Jan  9 21:24:23 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_toon, ip=[::ffff:84.198.59.205], top=0, retr=0, rcvd=12, sent=39, time=0
Jan  9 21:39:05 dcs-server freshclam[4376]: Received signal: wake up 
Jan  9 21:39:05 dcs-server freshclam[4376]: ClamAV update process started at Wed Jan  9 21:39:05 2008 
Jan  9 21:39:05 dcs-server freshclam[4376]: SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES 
Jan  9 21:39:05 dcs-server freshclam[4376]: See the FAQ at http://www.clamav.net/support/faq for an explanation. 
Jan  9 21:39:05 dcs-server freshclam[4376]: Your ClamAV installation is OUTDATED! 
Jan  9 21:39:05 dcs-server freshclam[4376]: Local version: 0.91.2 Recommended version: 0.92 
Jan  9 21:39:05 dcs-server freshclam[4376]: DON'T PANIC! Read http://www.clamav.net/support/faq 
Jan  9 21:39:05 dcs-server freshclam[4376]: main.inc is up to date (version: 45, sigs: 169676, f-level: 21, builder: sven) 
Jan  9 21:39:05 dcs-server freshclam[4376]: daily.inc is up to date (version: 5459, sigs: 21320, f-level: 21, builder: ccordes) 
Jan  9 21:39:05 dcs-server freshclam[4376]: -------------------------------------- 
Jan  9 22:01:15 dcs-server courierpop3login: Connection, ip=[::ffff:90.128.161.215]
Jan  9 22:01:15 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_johan, ip=[::ffff:90.128.161.215]
Jan  9 22:01:15 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_johan, ip=[::ffff:90.128.161.215], top=0, retr=0, rcvd=12, sent=39, time=0
Jan  9 22:31:21 dcs-server courierpop3login: Connection, ip=[::ffff:90.128.161.215]
Jan  9 22:31:21 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_johan, ip=[::ffff:90.128.161.215]
Jan  9 22:31:21 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_johan, ip=[::ffff:90.128.161.215], top=0, retr=0, rcvd=12, sent=39, time=0
Jan  9 22:34:19 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan  9 22:34:19 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1]
Jan  9 22:34:19 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_admin, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan  9 22:34:19 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan  9 22:34:19 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1]
Jan  9 22:34:19 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_appie, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan  9 22:34:19 dcs-server courierpop3login: Connection, ip=[::ffff:192.168.1.1]
Jan  9 22:34:19 dcs-server courierpop3login: LOGIN, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1]
Jan  9 22:34:19 dcs-server courierpop3login: LOGOUT, user=domestic-violence.nl_info, ip=[::ffff:192.168.1.1], top=0, retr=0, rcvd=12, sent=39, time=0
Jan  9 22:46:37 dcs-server postfix/smtpd[13672]: connect from unknown[208.11.75.2]
Jan  9 22:46:38 dcs-server postfix/smtpd[13672]: setting up TLS connection from unknown[208.11.75.2]
Jan  9 22:46:38 dcs-server postfix/smtpd[13672]: TLS connection established from unknown[208.11.75.2]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Jan  9 22:46:38 dcs-server postfix/smtpd[13672]: F095C7F4041: client=unknown[208.11.75.2]
Jan  9 22:46:39 dcs-server postfix/cleanup[13676]: F095C7F4041: message-id=<f07c7c440801091150n53b9a144t4ddbe8188422bcb8@mail.gmail.com>
Jan  9 22:46:39 dcs-server postfix/qmgr[23609]: F095C7F4041: from=<domesticviolence.nl@gmail.com>, size=3075, nrcpt=1 (queue active)
Jan  9 22:46:39 dcs-server postfix/smtpd[13672]: disconnect from unknown[208.11.75.2]
Jan  9 22:46:39 dcs-server procmail[13678]: Suspicious rcfile "/var/www/web5/user/domestic-violence.nl_info/.procmailrc"
Jan  9 22:46:39 dcs-server postfix/local[13677]: F095C7F4041: to=<domestic-violence.nl_info@dcs-server.dcs-online.nl>, orig_to=<info@domestic-violence.nl>, relay=local, delay=0.3, delays=0.26/0.01/0/0.03, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -f-)
Jan  9 22:46:39 dcs-server postfix/qmgr[23609]: F095C7F4041: removed
This is the /var/www/web5/user/domestic-violence.nl_info/.procmailrc
Code:
MAILDIR=$HOME/Maildir/
DEFAULT=$MAILDIR
ORGMAIL=$MAILDIR

INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.mailsize.rc
## INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.quota.rc
INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.antivirus.rc
## INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.local-rules.rc
## INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.html-trap.rc
INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.spamassassin.rc
## INCLUDERC=/var/www/web5/user/domestic-violence.nl_info/.autoresponder.rc
I am currently running the update to version.....19. Mabey that will help.
__________________
Updating my server to Debian Squeeze, so here I go again...

Last edited by DaRKNeSS666NL; 9th January 2008 at 22:28.
Reply With Quote