15th February 2006, 21:13
rdells

I am trying to get some of the log.
The obvious (to me) on the mail log is the entries of:

"ipop3d[1728]: Mailbox vulnerable - directory /var/spool/mail must have 1777 protection."

Is this normal for maillog??

I did some more testing, on one email account:
ON: mailscan, antivirus, spamfilter: cpu jump at 100%
ON: mailscan, antivirus: cpu jump at 30%
OFF: mailscan, antivirus, spamfilter: cpu jump at 30%
Seems as though spamfilter is very intense!

Is this normal behavior for spam filter?

The Server is 800Mhz with Raid1, 256Mb Ram, Only one website.
Maybe I need more power to run the spamfilter and antivirus?

Thanks, will try and get the log for you... it's getting very large... gedit keeps crashing (I have desktop installed to help my 'rookie-ness').

*********
Ok, here's the maillog:
The server = server1.myserver.tld (made this up)
Workstation Router = 11.11.11.11 (made this up)
I sent 1 plain txt email
I received the same 1 plain txt email, plus another email

Feb 15 12:58:59 server1 postfix/smtpd[20615]: connect from unknown[11.11.11.11]
Feb 15 12:58:59 server1 postfix/smtpd[20615]: 30D093205FD: client=unknown[11.11.11.11], sasl_method=LOGIN, sasl_username=web1_info
Feb 15 12:58:59 server1 postfix/cleanup[20592]: 30D093205FD: message-id=<019a01c63268$c9965ce0$6501a8c0@epm002>
Feb 15 12:58:59 server1 postfix/qmgr[2453]: 30D093205FD: from=<info@pmfsd.com>, size=615, nrcpt=1 (queue active)
Feb 15 12:58:59 server1 postfix/smtpd[20615]: disconnect from unknown[11.11.11.11]
Feb 15 12:58:59 server1 sendmail[20682]: k1FKwx2i020682: from=web1_admin, size=116, class=0, nrcpts=1, msgid=<200602152058.k1FKwx2i020682@server1.myserver.tld>, relay=web1_admin@localhost
Feb 15 12:58:59 server1 postfix/smtpd[20564]: connect from server1.myserver.tld[127.0.0.1]
Feb 15 12:58:59 server1 postfix/smtpd[20564]: setting up TLS connection from server1.myserver.tld[127.0.0.1]
Feb 15 12:58:59 server1 postfix/smtpd[20564]: TLS connection established from server1.myserver.tld[127.0.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Feb 15 12:58:59 server1 sendmail[20682]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Feb 15 12:58:59 server1 postfix/smtpd[20564]: A30FB320608: client=server1.myserver.tld[127.0.0.1], sasl_sender=web1_admin@server1.myserver.tld
Feb 15 12:58:59 server1 postfix/cleanup[20592]: A30FB320608: message-id=<200602152058.k1FKwx2i020682@server1.myserver.tld>
Feb 15 12:58:59 server1 postfix/qmgr[2453]: A30FB320608: from=<web1_admin@server1.myserver.tld>, size=796, nrcpt=1 (queue active)
Feb 15 12:58:59 server1 sendmail[20682]: k1FKwx2i020682: to=admispconfig@localhost, ctladdr=web1_admin (10039/10001), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30116, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as A30FB320608)
Feb 15 12:58:59 server1 postfix/smtpd[20564]: disconnect from server1.myserver.tld[127.0.0.1]
Feb 15 12:58:59 server1 postfix/local[20616]: 30D093205FD: to=<web1_admin@server1.myserver.tld>, orig_to=<pmfsd.admin@pmfsd.com>, relay=local, delay=0, status=sent (delivered to command: /usr/bin/procmail -f-)
Feb 15 12:58:59 server1 postfix/qmgr[2453]: 30D093205FD: removed
Feb 15 12:58:59 server1 postfix/local[20595]: A30FB320608: to=<admispconfig@server1.myserver.tld>, relay=local, delay=0, status=sent (delivered to command: /usr/bin/procmail -f-)
Feb 15 12:58:59 server1 postfix/qmgr[2453]: A30FB320608: removed
Feb 15 12:59:07 server1 ipop3d[20709]: pop3 service init from 11.11.11.11
Feb 15 12:59:08 server1 ipop3d[20709]: Mailbox vulnerable - directory /var/spool/mail must have 1777 protection
Feb 15 12:59:08 server1 ipop3d[20709]: Login user=web1_admin host=[11.11.11.11] nmsgs=2/2
Feb 15 12:59:08 server1 ipop3d[20709]: Mailbox vulnerable - directory /var/spool/mail must have 1777 protection
Feb 15 12:59:08 server1 ipop3d[20709]: Logout user=web1_admin host=[11.11.11.11] nmsgs=0 ndele=2

Last edited by rdells; 15th February 2006 at 22:21.