View Single Post
  #14  
Old 17th February 2012, 16:36
Cracklefish Cracklefish is offline
Member
 
Join Date: Mar 2009
Posts: 95
Thanks: 8
Thanked 3 Times in 3 Posts
Default

Further info

Just been looking back through the mail logs. It looks like the problem happened around about the same time as the update to ISPConfig. I seem to have attracted the attentions of a hacker. There are many thousand attempts to gain access. Here are some edited highlights of the mail log from before the update and after it. For brevity I have heavily edited it I hope I've not removed any important stuff.

Code:
Feb 14 19:17:09 Golf1 amavis[7481]: (07481-01) post_process_request_hook: timer was not running
Feb 14 19:17:09 Golf1 amavis[7481]: (07481-01) idle_proc, bye: was busy, 17.2 ms, total idle 0.013 s, busy 3.394 s
Feb 14 19:17:09 Golf1 amavis[7481]: (07481-01) load: 100 %, total idle 0.013 s, busy 3.394 s
Feb 14 19:20:27 Golf1 postfix/anvil[7755]: statistics: max connection rate 1/60s for (smtp:188.48.7.240) at Feb 14 19:16:55
Feb 14 19:20:27 Golf1 postfix/anvil[7755]: statistics: max connection count 1 for (smtp:188.48.7.240) at Feb 14 19:16:55
Feb 14 19:20:27 Golf1 postfix/anvil[7755]: statistics: max cache size 1 at Feb 14 19:16:55
Feb 14 19:24:43 Golf1 postfix/smtpd[8570]: connect from unknown[119.30.47.54]
Feb 14 19:24:50 Golf1 postfix/smtpd[8570]: NOQUEUE: reject: RCPT from unknown[119.30.47.54]: 554 5.7.1 <siamvi@crosoer.com>: Relay access denied; from=<relegationh5@oak-harbor.com> to=<siamvi@crosoer.com> proto=ESMTP helo=<VCBFTNGC>
Feb 14 19:25:09 Golf1 postfix/smtpd[8570]: NOQUEUE: reject: RCPT from unknown[119.30.47.54]: 554 5.7.1 <siamvi@crosoer.com>: Relay access denied; from=<moussing2@bigprairieprepress.20m.com> to=<siamvi@crosoer.com> proto=ESMTP helo=<VCBFTNGC>
Feb 14 19:25:15 Golf1 postfix/smtpd[8570]: NOQUEUE: reject: RCPT from unknown[119.30.47.54]: 554 5.7.1 <siamvi@crosoer.com>: Relay access denied; from=<prefixesyb@prioritymarketing.com> to=<siamvi@crosoer.com> proto=ESMTP helo=<VCBFTNGC>
Feb 14 19:25:18 Golf1 postfix/smtpd[8570]: lost connection after DATA from unknown[119.30.47.54]
Feb 14 19:25:18 Golf1 postfix/smtpd[8570]: disconnect from unknown[119.30.47.54]
Feb 14 19:25:49 Golf1 postfix/master[2512]: terminating on signal 15
Feb 14 19:25:51 Golf1 postfix/postfix-script[9089]: starting the Postfix mail system
Feb 14 19:25:51 Golf1 postfix/master[9090]: daemon started -- version 2.7.1, configuration /etc/postfix
Feb 14 19:25:57 Golf1 amavis[9114]: logging initialized, log level 5, syslog: amavis.mail
Feb 14 19:25:57 Golf1 amavis[9114]: run_command: [9124] /usr/bin/uptime </dev/null 2>/dev/null
Feb 14 19:25:57 Golf1 amavis[9124]: open_on_specific_fd: target fd0 closing, to become < /dev/null
Feb 14 19:25:57 Golf1 amavis[9124]: open_on_specific_fd: target fd1 closing, to become > &=6
Feb 14 19:25:57 Golf1 amavis[9124]: open_on_specific_fd: target fd1 dup2 from fd6 > &=6
Feb 14 19:25:57 Golf1 amavis[9124]: open_on_specific_fd: source fd6 closed
Feb 14 19:25:57 Golf1 amavis[9124]: open_on_specific_fd: target fd2 closing, to become > /dev/null
Feb 14 19:25:57 Golf1 amavis[9114]: system uptime 4 2:58:00:  19:25pm  up 4 days  2:58,  1 user,  load average: 0.29, 0.17, 0.06
Feb 14 19:25:57 Golf1 amavis[9114]: Valid PID file (younger than sys uptime 4 2:58:00)
Feb 14 19:25:57 Golf1 amavis[2540]: Net::Server: 2012/02/14-19:25:57 Server closing!
Feb 14 19:25:57 Golf1 amavis[7481]: (07481-01) SpamControl: rundown_child on SpamAssassin done
Feb 14 19:25:57 Golf1 amavis[7481]: (07481-01) child_finish_hook: invoking DESTROY methods
Feb 14 19:25:57 Golf1 amavis[7552]: SpamControl: rundown_child on SpamAssassin done
Feb 14 19:25:57 Golf1 amavis[7552]: child_finish_hook: invoking DESTROY methods
Feb 14 19:25:57 Golf1 amavis[7481]: (07481-01) Amavis::TempDir DESTROY called
Feb 14 19:25:57 Golf1 amavis[7481]: (07481-01) TempDir removal: empty tempdir is being removed: /var/spool/amavis/tmp/amavis-20120214T191706-07481
Feb 14 19:25:57 Golf1 amavis[7552]: Amavis::Lookup::SQL DESTROY called
Feb 14 19:25:57 Golf1 amavis[7481]: (07481-01) rmdir_recursively: /var/spool/amavis/tmp/amavis-20120214T191706-07481, excl=
Feb 14 19:25:57 Golf1 amavis[7552]: Amavis::Lookup::SQL DESTROY called
Feb 14 19:25:57 Golf1 amavis[7552]: Amavis::Out::SQL::Connection DESTROY called
Feb 14 19:25:57 Golf1 amavis[7481]: (07481-01) rmdir_recursively: /var/spool/amavis/tmp/amavis-20120214T191706-07481/parts, excl=0
Feb 14 19:25:57 Golf1 amavis[7481]: (07481-01) Amavis::Lookup::SQL DESTROY called
Feb 14 19:25:57 Golf1 amavis[7552]: Amavis::Cache DESTROY called
Feb 14 19:25:57 Golf1 amavis[7481]: (07481-01) Amavis::Cache DESTROY called
Feb 14 19:25:57 Golf1 amavis[7552]: Amavis::DB::SNMP DESTROY called
Feb 14 19:25:57 Golf1 amavis[7481]: (07481-01) Amavis::DB::SNMP DESTROY called
Feb 14 19:25:57 Golf1 amavis[7481]: (07481-01) Amavis::Out::SQL::Connection DESTROY called
Feb 14 19:25:57 Golf1 amavis[7481]: (07481-01) disconnecting from SQL
Feb 14 19:25:57 Golf1 amavis[7481]: (07481-01) Amavis::Lookup::SQL DESTROY called
Feb 14 19:25:58 Golf1 amavis[9114]: Waiting for the process [2540] to terminate
Feb 14 19:26:03 Golf1 amavis[9114]: Daemon [2540] terminated by SIGTERM
Feb 14 19:26:08 Golf1 amavis[9156]: logging initialized, log level 5, syslog: amavis.mail
Feb 14 19:26:08 Golf1 amavis[9156]: starting.  /usr/sbin/amavisd at linux-jfp8.site amavisd-new-2.6.4 (20090625), Unicode aware, LC_ALL="POSIX", LC_CTYPE="en_GB.UTF-8", LANG="POSIX"
Feb 14 19:26:08 Golf1 amavis[9156]: user=, EUID: 65 (65);  group=, EGID: 305 305 (305 305)
Feb 14 19:26:08 Golf1 amavis[9156]: Perl version               5.012001
Feb 14 19:26:09 Golf1 amavis[9156]: INFO: no optional modules: unicore::Canonical.pl unicore::Exact.pl unicore::PVA.pl
Feb 14 19:26:09 Golf1 amavis[9156]: SpamControl: attempting to load scanner SpamAssassin, module Amavis::SpamControl::SpamAssassin
Feb 14 19:26:09 Golf1 amavis[9156]: SpamControl: scanner SpamAssassin, module Amavis::SpamControl::SpamAssassin
Feb 14 19:26:12 Golf1 amavis[9156]: INFO: SA version: 3.3.1, 3.003001, no optional modules: Image::Info Image::Info::GIF Image::Info::JPEG Image::Info::PNG Image::Info::TIFF
Feb 14 19:26:12 Golf1 amavis[9156]: SpamControl: init_pre_chroot on SpamAssassin done
Feb 14 19:26:12 Golf1 amavis[9159]: Net::Server: Process Backgrounded
Feb 14 19:26:12 Golf1 amavis[9159]: Net::Server: 2012/02/14-19:26:12 Amavis (type Net::Server::PreForkSimple) starting! pid(9159)
Feb 14 19:26:12 Golf1 amavis[9159]: Net::Server: Binding to UNIX socket file /var/spool/amavis/amavisd.sock using SOCK_STREAM
Feb 14 19:26:12 Golf1 amavis[9159]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1
Feb 14 19:26:12 Golf1 amavis[9159]: Net::Server: Group Not Defined.  Defaulting to EGID '305 305'
Feb 14 19:26:12 Golf1 amavis[9159]: Net::Server: User Not Defined.  Defaulting to EUID '65'
Feb 14 19:26:12 Golf1 amavis[9159]: Net::Server: Setting up serialization via flock
Feb 14 19:26:12 Golf1 amavis[9159]: after_chroot_init: EUID: 65 (65);  EGID: 305 305 (305 305)
Feb 14 19:26:12 Golf1 amavis[9159]: config files read: /etc/amavisd.conf
Feb 14 19:26:12 Golf1 amavis[9159]: Module Amavis::Conf        2.207
Feb 14 19:26:12 Golf1 amavis[9159]: Module Archive::Zip        1.30
Feb 14 19:26:12 Golf1 amavis[9159]: Module BerkeleyDB          0.42
Feb 14 19:26:12 Golf1 amavis[9159]: Module Compress::Zlib      2.024
Feb 14 19:26:12 Golf1 amavis[9159]: Module Convert::TNEF       0.17
Feb 14 19:26:12 Golf1 amavis[9159]: Module Convert::UUlib      1.33
Feb 14 19:26:12 Golf1 amavis[9159]: Module Crypt::OpenSSL::RSA 0.26
Feb 14 19:26:12 Golf1 amavis[9159]: Module DBD::mysql          4.014
Feb 14 19:26:12 Golf1 amavis[9159]: Module DBI                 1.609
Feb 14 19:26:12 Golf1 amavis[9159]: Module DB_File             1.82
Feb 14 19:26:12 Golf1 amavis[9159]: Module Digest::MD5         2.39
Feb 14 19:26:12 Golf1 amavis[9159]: Module Digest::SHA         5.47
Feb 14 19:26:12 Golf1 amavis[9159]: Module Digest::SHA1        2.12
Feb 14 19:26:12 Golf1 amavis[9159]: Module IO::Socket::INET6   2.61
Feb 14 19:26:12 Golf1 amavis[9159]: Module MIME::Entity        5.427
Feb 14 19:26:12 Golf1 amavis[9159]: Module MIME::Parser        5.427
Feb 14 19:26:12 Golf1 amavis[9159]: Module MIME::Tools         5.427
Feb 14 19:26:12 Golf1 amavis[9159]: Module Mail::DKIM::Verifier 0.38
Feb 14 19:26:12 Golf1 amavis[9159]: Module Mail::Header        2.06
Feb 14 19:26:12 Golf1 amavis[9159]: Module Mail::Internet      2.06
Feb 14 19:26:12 Golf1 amavis[9159]: Module Mail::SPF           v2.007
Feb 14 19:26:12 Golf1 amavis[9159]: Module Mail::SpamAssassin  3.003001
Feb 14 19:26:12 Golf1 amavis[9159]: Module Net::DNS            0.66
Feb 14 19:26:12 Golf1 amavis[9159]: Module Net::Server         0.97
Feb 14 19:26:12 Golf1 amavis[9159]: Module NetAddr::IP         4.027
Feb 14 19:26:12 Golf1 amavis[9159]: Module Razor2::Client::Version 2.84
Feb 14 19:26:12 Golf1 amavis[9159]: Module Socket6             0.23
Feb 14 19:26:12 Golf1 amavis[9159]: Module Time::HiRes         1.9719
Feb 14 19:26:12 Golf1 amavis[9159]: Module URI                 1.54
Feb 14 19:26:12 Golf1 amavis[9159]: Module Unix::Syslog        1.1
Feb 14 19:26:12 Golf1 amavis[9159]: Amavis::DB code      loaded
Feb 14 19:26:12 Golf1 amavis[9159]: Amavis::Cache code   loaded
Feb 14 19:26:12 Golf1 amavis[9159]: SQL base code        loaded
Feb 14 19:26:12 Golf1 amavis[9159]: SQL::Log code        NOT loaded
Feb 14 19:26:12 Golf1 amavis[9159]: SQL::Quarantine      NOT loaded
Feb 14 19:26:12 Golf1 amavis[9159]: Lookup::SQL code     loaded
Feb 14 19:26:12 Golf1 amavis[9159]: Lookup::LDAP code    NOT loaded
Feb 14 19:26:12 Golf1 amavis[9159]: AM.PDP-in proto code loaded
Feb 14 19:26:12 Golf1 amavis[9159]: SMTP-in proto code   loaded
Feb 14 19:26:12 Golf1 amavis[9159]: Courier proto code   NOT loaded
Feb 14 19:26:12 Golf1 amavis[9159]: SMTP-out proto code  loaded
Feb 14 19:26:12 Golf1 amavis[9159]: Pipe-out proto code  NOT loaded
Feb 14 19:26:12 Golf1 amavis[9159]: BSMTP-out proto code NOT loaded
Feb 14 19:26:12 Golf1 amavis[9159]: Local-out proto code loaded
Feb 14 19:26:12 Golf1 amavis[9159]: OS_Fingerprint code  NOT loaded
Feb 14 19:26:12 Golf1 amavis[9159]: ANTI-VIRUS code      loaded
Feb 14 19:26:12 Golf1 amavis[9159]: ANTI-SPAM code       loaded
Feb 14 19:26:12 Golf1 amavis[9159]: ANTI-SPAM-EXT code   NOT loaded
Feb 14 19:26:12 Golf1 amavis[9159]: ANTI-SPAM-C code     NOT loaded
Feb 14 19:26:12 Golf1 amavis[9159]: ANTI-SPAM-SA code    loaded
Feb 14 19:26:12 Golf1 amavis[9159]: Unpackers code       loaded
Feb 14 19:26:12 Golf1 amavis[9159]: DKIM code            NOT loaded
Feb 14 19:26:12 Golf1 amavis[9159]: Tools code           NOT loaded
Feb 14 19:26:12 Golf1 amavis[9159]: Found $file            at /usr/bin/file
Feb 14 19:26:12 Golf1 amavis[9159]: No $altermime,         not using it
Feb 14 19:26:12 Golf1 amavis[9159]: Internal decoder for .mail
Feb 14 19:26:12 Golf1 amavis[9159]: Internal decoder for .asc 
Feb 14 19:26:12 Golf1 amavis[9159]: Internal decoder for .uue 
Feb 14 19:26:12 Golf1 amavis[9159]: Internal decoder for .hqx 
Feb 14 19:26:12 Golf1 amavis[9159]: Internal decoder for .ync 
Feb 14 19:26:13 Golf1 amavis[9159]: No decoder for       .F    tried: unfreeze, freeze -d, melt, fcat
Feb 14 19:26:13 Golf1 amavis[9159]: Found decoder for    .Z    at /usr/bin/uncompress
Feb 14 19:26:13 Golf1 amavis[9159]: Found decoder for    .gz   at /usr/bin/gzip -d
Feb 14 19:26:13 Golf1 amavis[9159]: Internal decoder for .gz   (backup, not used)
Feb 14 19:26:13 Golf1 amavis[9159]: Found decoder for    .bz2  at /usr/bin/bzip2 -d
Feb 14 19:26:13 Golf1 amavis[9159]: No decoder for       .lzo  tried: lzop -d
Feb 14 19:26:13 Golf1 amavis[9159]: Found decoder for    .rpm  at /usr/bin/rpm2cpio
Feb 14 19:26:13 Golf1 amavis[9159]: Found decoder for    .cpio at /usr/bin/pax
Feb 14 19:26:13 Golf1 amavis[9159]: Found decoder for    .tar  at /usr/bin/pax
Feb 14 19:26:13 Golf1 amavis[9159]: Found decoder for    .deb  at /usr/bin/ar
Feb 14 19:26:13 Golf1 amavis[9159]: Internal decoder for .zip 
Feb 14 19:26:13 Golf1 amavis[9159]: No decoder for       .7z   tried: 7zr, 7za, 7z
Feb 14 19:26:13 Golf1 amavis[9159]: Found decoder for    .rar  at /usr/bin/unrar
Feb 14 19:26:13 Golf1 amavis[9159]: Found decoder for    .arj  at /usr/bin/unarj
Feb 14 19:26:13 Golf1 amavis[9159]: No decoder for       .arc  tried: nomarch, arc
Feb 14 19:26:13 Golf1 amavis[9159]: Found decoder for    .zoo  at /usr/bin/zoo
Feb 14 19:26:13 Golf1 amavis[9159]: No decoder for       .lha  tried: lha
Feb 14 19:26:13 Golf1 amavis[9159]: No decoder for       .cab  tried: cabextract
Feb 14 19:26:13 Golf1 amavis[9159]: No decoder for       .tnef tried: tnef
Feb 14 19:26:13 Golf1 amavis[9159]: Internal decoder for .tnef
Feb 14 19:26:13 Golf1 amavis[9159]: Found decoder for    .exe  at /usr/bin/unrar; /usr/bin/unarj
Feb 14 19:26:13 Golf1 amavis[9159]: Using primary internal av scanner code for ClamAV-clamd
Feb 14 19:26:13 Golf1 amavis[9159]: No primary av scanner: KasperskyLab AVP - aveclient
Feb 14 19:26:13 Golf1 amavis[9159]: No primary av scanner: KasperskyLab AntiViral Toolkit Pro (AVP)
Feb 14 19:26:13 Golf1 amavis[9159]: No primary av scanner: KasperskyLab AVPDaemonClient
Feb 14 19:26:13 Golf1 amavis[9159]: No primary av scanner: CentralCommand Vexira (new) vascan
Feb 14 19:26:13 Golf1 amavis[9159]: No primary av scanner: Avira AntiVir
Feb 14 19:26:13 Golf1 amavis[9159]: No primary av scanner: Command AntiVirus for Linux
Feb 14 19:26:13 Golf1 amavis[9159]: No primary av scanner: Symantec CarrierScan via Symantec CommandLineScanner
Feb 14 19:26:13 Golf1 amavis[9159]: No primary av scanner: Symantec AntiVirus Scan Engine
Feb 14 19:26:13 Golf1 amavis[9159]: No primary av scanner: F-Secure Antivirus for Linux servers
Feb 14 19:26:13 Golf1 amavis[9159]: No primary av scanner: CAI InoculateIT
Feb 14 19:26:13 Golf1 amavis[9159]: No primary av scanner: CAI eTrust Antivirus
Feb 14 19:26:13 Golf1 amavis[9159]: No primary av scanner: MkS_Vir for Linux (beta)
Feb 14 19:26:13 Golf1 amavis[9159]: No primary av scanner: MkS_Vir daemon
Feb 14 19:26:13 Golf1 amavis[9159]: No primary av scanner: ESET NOD32 Linux Mail Server - command line interface
Feb 14 19:26:13 Golf1 amavis[9159]: No primary av scanner: ESET NOD32 for Linux File servers
Feb 14 19:26:13 Golf1 amavis[9159]: No primary av scanner: Norman Virus Control v5 / Linux
Feb 14 19:26:13 Golf1 amavis[9159]: No primary av scanner: Panda CommandLineSecure 9 for Linux
Feb 14 19:26:13 Golf1 amavis[9159]: No primary av scanner: NAI McAfee AntiVirus (uvscan)
Feb 14 19:26:13 Golf1 amavis[9159]: No primary av scanner: VirusBuster
Feb 14 19:26:13 Golf1 amavis[9159]: No primary av scanner: CyberSoft VFind
Feb 14 19:26:13 Golf1 amavis[9159]: No primary av scanner: avast! Antivirus
Feb 14 19:26:13 Golf1 amavis[9159]: No primary av scanner: Ikarus AntiVirus for Linux
Feb 14 19:26:13 Golf1 amavis[9159]: No primary av scanner: BitDefender
Feb 14 19:26:13 Golf1 amavis[9159]: No primary av scanner: ArcaVir for Linux
Feb 14 19:26:13 Golf1 amavis[9159]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Feb 14 19:26:13 Golf1 amavis[9159]: No secondary av scanner: FRISK F-Prot Antivirus
Feb 14 19:26:13 Golf1 amavis[9159]: No secondary av scanner: Trend Micro FileScanner
Feb 14 19:26:13 Golf1 amavis[9159]: No secondary av scanner: drweb - DrWeb Antivirus
Feb 14 19:26:13 Golf1 amavis[9159]: No secondary av scanner: Kaspersky Antivirus v5.5
Feb 14 19:26:13 Golf1 amavis[9159]: Using internal spam scanner code for SpamAssassin
Feb 14 19:26:13 Golf1 amavis[9159]: Creating db in /var/spool/amavis/db/; BerkeleyDB 0.42, libdb 4.5
Feb 14 19:26:13 Golf1 amavis[9159]: initializing Mail::SpamAssassin
Feb 14 19:26:13 Golf1 amavis[9159]: SpamAssassin debug facilities: info
Feb 14 19:26:16 Golf1 clamd[1836]: Pid file removed.
Feb 14 19:26:16 Golf1 clamd[1836]: --- Stopped at Tue Feb 14 19:26:16 2012
Feb 14 19:26:16 Golf1 clamd[1836]: Socket file removed.
Feb 14 19:26:16 Golf1 clamd[9215]: clamd daemon 0.97.3 (OS: linux-gnu, ARCH: i386, CPU: i686)
Feb 14 19:26:16 Golf1 clamd[9215]: Running as user vscan (UID 65, GID 305)
Feb 14 19:26:16 Golf1 clamd[9215]: Log file size limited to 1048576 bytes.
Feb 14 19:26:16 Golf1 clamd[9215]: Reading databases from /var/lib/clamav
Feb 14 19:26:16 Golf1 clamd[9215]: Not loading PUA signatures.
Feb 14 19:26:16 Golf1 clamd[9215]: Bytecode: Security mode set to "TrustSigned".
Feb 14 19:26:34 Golf1 amavis[9159]: SA info: rules: meta test ADVANCE_FEE_3_NEW_FORM has dependency 'ADVANCE_FEE_3_NEW' with a zero score
Feb 14 19:26:34 Golf1 amavis[9159]: SA info: rules: meta test ADVANCE_FEE_3_NEW_MONEY has dependency 'ADVANCE_FEE_3_NEW' with a zero score
Feb 14 19:26:35 Golf1 amavis[9159]: SpamAssassin loaded plugins: AutoLearnThreshold, Bayes, BodyEval, Check, DKIM, DNSEval, FreeMail, HTMLEval, HTTPSMismatch, Hashcash, HeaderEval, ImageInfo, MIMEEval, MIMEHeader, Pyzor, Razor2, RelayEval, ReplaceTags, SPF, SpamCop, URIDNSBL, URIDetail, URIEval, VBounce, WLBLEval, WhiteListSubject
Feb 14 19:26:35 Golf1 amavis[9159]: SpamControl: init_pre_fork on SpamAssassin done
Feb 14 19:26:35 Golf1 amavis[9159]: extra modules loaded after daemonizing/chrooting: Mail/SpamAssassin/Plugin/FreeMail.pm
Feb 14 19:26:35 Golf1 amavis[9159]: DKIM signature verification disabled, corresponding features not available. If not intentional, consider enabling it by setting: $enable_dkim_verification to 1, or explicitly disable it by setting it to 0 to quench down this warning.
Feb 14 19:26:35 Golf1 amavis[9159]: Net::Server: Beginning prefork (2 processes)
Feb 14 19:26:35 Golf1 amavis[9159]: Net::Server: Starting "2" children
Feb 14 19:26:35 Golf1 amavis[9218]: Net::Server: Child Preforked (9218)
Feb 14 19:26:35 Golf1 amavis[9218]: entered child_init_hook
Feb 14 19:26:35 Golf1 amavis[9219]: Net::Server: Child Preforked (9219)
Feb 14 19:26:35 Golf1 amavis[9159]: Net::Server: Parent ready for children.
Feb 14 19:26:35 Golf1 amavis[9219]: entered child_init_hook
Feb 14 19:26:35 Golf1 amavis[9219]: TIMING [total 68 ms] - bdb-open: 68 (100%)100, rundown: 0 (0%)100
Feb 14 19:26:35 Golf1 amavis[9218]: TIMING [total 84 ms] - bdb-open: 84 (100%)100, rundown: 0 (0%)100
Feb 14 19:26:35 Golf1 amavis[9219]: SpamControl: init_child on SpamAssassin done
Feb 14 19:26:35 Golf1 amavis[9218]: SpamControl: init_child on SpamAssassin done
Feb 14 19:26:44 Golf1 clamd[9215]: Loaded 1054224 signatures.
Feb 14 19:26:46 Golf1 clamd[9215]: TCP: Bound to address 127.0.0.1 on port 3310
Feb 14 19:26:46 Golf1 clamd[9215]: TCP: Setting connection queue length to 200
Feb 14 19:26:46 Golf1 clamd[9215]: LOCAL: Unix socket file /var/lib/clamav/clamd-socket
Feb 14 19:26:46 Golf1 clamd[9215]: LOCAL: Setting connection queue length to 200
Feb 14 19:26:46 Golf1 clamd[9221]: Limits: Global size limit set to 104857600 bytes.
Feb 14 19:26:46 Golf1 clamd[9221]: Limits: File size limit set to 26214400 bytes.
Feb 14 19:26:46 Golf1 clamd[9221]: Limits: Recursion level limit set to 16.
Feb 14 19:26:46 Golf1 clamd[9221]: Limits: Files limit set to 10000.
Feb 14 19:26:46 Golf1 clamd[9221]: Archive support enabled.
Feb 14 19:26:46 Golf1 clamd[9221]: Algorithmic detection enabled.
Feb 14 19:26:46 Golf1 clamd[9221]: Portable Executable support enabled.
Feb 14 19:26:46 Golf1 clamd[9221]: ELF support enabled.
Feb 14 19:26:46 Golf1 clamd[9221]: Mail files support enabled.
Feb 14 19:26:46 Golf1 clamd[9221]: OLE2 support enabled.
Feb 14 19:26:46 Golf1 clamd[9221]: PDF support enabled.
Feb 14 19:26:46 Golf1 clamd[9221]: HTML support enabled.
Feb 14 19:26:46 Golf1 clamd[9221]: Self checking every 600 seconds.
Feb 14 19:26:46 Golf1 dovecot: dovecot: Killed with signal 15 (by pid=9228 uid=0 code=kill)
Feb 14 19:26:47 Golf1 dovecot: Dovecot v1.2.17 starting up (core dumps disabled)
Feb 14 19:26:48 Golf1 dovecot: auth-worker(default): mysql: Connected to localhost (dbispconfig)
Feb 14 19:30:02 Golf1 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Feb 14 19:30:02 Golf1 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Feb 14 19:30:02 Golf1 postfix/smtpd[9582]: connect from localhost[::1]
Feb 14 19:30:02 Golf1 postfix/smtpd[9582]: lost connection after CONNECT from localhost[::1]
Feb 14 19:30:02 Golf1 postfix/smtpd[9582]: disconnect from localhost[::1]
Feb 14 19:31:41 Golf1 postfix/smtpd[9582]: connect from netacc-gpn-4-242-59.pool.telenor.hu[84.224.242.59]
Feb 14 19:31:43 Golf1 postfix/smtpd[9582]: NOQUEUE: reject: RCPT from netacc-gpn-4-242-59.pool.telenor.hu[84.224.242.59]: 554 5.7.1 <nsuk@crosoer.com>: Relay access denied; from=<Darin@sidif.com> to=<nsuk@crosoer.com> proto=SMTP helo=<netacc-gpn-4-242-59.pool.telenor.hu>
Feb 14 19:31:44 Golf1 postfix/smtpd[9582]: disconnect from netacc-gpn-4-242-59.pool.telenor.hu[84.224.242.59]
Feb 14 20:00:02 Golf1 postfix/smtpd[10957]: lost connection after CONNECT from localhost[::1]
Feb 14 20:00:02 Golf1 postfix/smtpd[10957]: disconnect from localhost[::1]
Feb 14 20:01:12 Golf1 postfix/smtpd[10957]: connect from p4FE85D52.dip.t-dialin.net[79.232.93.82]
Feb 14 20:01:12 Golf1 postfix/smtpd[10957]: NOQUEUE: reject: RCPT from p4FE85D52.dip.t-dialin.net[79.232.93.82]: 554 5.7.1 <452ed750.8080606@crosoer.com>: Relay access denied; from=<brassierirc59@ef-law.com> to=<452ed750.8080606@crosoer.com> proto=ESMTP helo=<ef-law.com>
Feb 14 20:01:12 Golf1 postfix/smtpd[10957]: NOQUEUE: reject: RCPT from p4FE85D52.dip.t-dialin.net[79.232.93.82]: 554 5.7.1 <nsuk@crosoer.com>: Relay access denied; from=<brassierirc59@ef-law.com> to=<nsuk@crosoer.com> proto=ESMTP helo=<ef-law.com>
Feb 14 20:01:12 Golf1 postfix/smtpd[10957]: NOQUEUE: reject: RCPT from p4FE85D52.dip.t-dialin.net[79.232.93.82]: 554 5.7.1 <petgord34truew@crosoer.com>: Relay access denied; from=<brassierirc59@ef-law.com> to=<petgord34truew@crosoer.com> proto=ESMTP helo=<ef-law.com>
Feb 14 20:01:13 Golf1 postfix/smtpd[10957]: disconnect from p4FE85D52.dip.t-dialin.net[79.232.93.82]
Feb 14 20:01:41 Golf1 postfix/smtpd[10957]: connect from p4FE85D52.dip.t-dialin.net[79.232.93.82]
Feb 14 20:02:39 Golf1 postfix/smtpd[10957]: disconnect from p4FE85D52.dip.t-dialin.net[79.232.93.82]
Feb 14 20:05:02 Golf1 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Feb 14 20:05:02 Golf1 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Feb 14 20:05:02 Golf1 postfix/smtpd[11320]: connect from localhost[::1]
Feb 14 21:10:02 Golf1 postfix/smtpd[13833]: lost connection after CONNECT from localhost[::1]
Feb 14 21:10:02 Golf1 postfix/smtpd[13833]: disconnect from localhost[::1]
eb 14 21:27:08 Golf1 clamd[9221]: SelfCheck: Database status OK.
Feb 14 21:29:09 Golf1 postfix/smtpd[14554]: connect from static.233.83.46.78.clients.your-server.de[78.46.83.233]
Feb 14 21:29:09 Golf1 postfix/smtpd[14554]: NOQUEUE: reject: RCPT from static.233.83.46.78.clients.your-server.de[78.46.83.233]: 554 5.7.1 <rick@crosoer.com>: Relay access denied; from=<sabri-anbouwen@simpac.co.uk> to=<rick@crosoer.com> proto=SMTP helo=<static.233.83.46.78.clients.your-server.de>
Feb 14 21:29:09 Golf1 postfix/smtpd[14554]: NOQUEUE: reject: RCPT from static.233.83.46.78.clients.your-server.de[78.46.83.233]: 554 5.7.1 <siamvi@crosoer.com>: Relay access denied; from=<sabri-anbouwen@simpac.co.uk> to=<siamvi@crosoer.com> proto=SMTP helo=<static.233.83.46.78.clients.your-server.de>
Feb 14 21:29:09 Golf1 postfix/smtpd[14554]: NOQUEUE: reject: RCPT from static.233.83.46.78.clients.your-server.de[78.46.83.233]: 554 5.7.1 <wtop@crosoer.com>: Relay access denied; from=<sabri-anbouwen@simpac.co.uk> to=<wtop@crosoer.com> proto=SMTP helo=<static.233.83.46.78.clients.your-server.de>
Feb 14 21:29:09 Golf1 postfix/smtpd[14554]: NOQUEUE: reject: RCPT from static.233.83.46.78.clients.your-server.de[78.46.83.233]: 554 5.7.1 <xgq@crosoer.com>: Relay access denied; from=<sabri-anbouwen@simpac.co.uk> to=<xgq@crosoer.com> proto=SMTP helo=<static.233.83.46.78.clients.your-server.de>
Feb 14 21:29:09 Golf1 postfix/smtpd[14554]: lost connection after RCPT from static.233.83.46.78.clients.your-server.de[78.46.83.233]
Feb 14 21:29:09 Golf1 postfix/smtpd[14554]: disconnect from static.233.83.46.78.clients.your-server.de[78.46.83.233]
Feb 14 22:53:48 Golf1 postfix/smtpd[17806]: warning: 187.126.64.252: hostname 18712664252.user.veloxzone.com.br verification failed: Name or service not known
Feb 14 22:53:48 Golf1 postfix/smtpd[17806]: connect from unknown[187.126.64.252]
Feb 14 22:53:49 Golf1 postfix/smtpd[17806]: NOQUEUE: reject: RCPT from unknown[187.126.64.252]: 554 5.7.1 <452ea09a.9000602@crosoer.com>: Relay access denied; from=<Amado@digital-musik.de> to=<452ea09a.9000602@crosoer.com> proto=SMTP helo=<18712664252.user.veloxzone.com.br>
Feb 14 22:53:50 Golf1 postfix/smtpd[17806]: NOQUEUE: reject: RCPT from unknown[187.126.64.252]: 554 5.7.1 <jmh711nsuk@crosoer.com>: Relay access denied; from=<Amado@digital-musik.de> to=<jmh711nsuk@crosoer.com> proto=SMTP helo=<18712664252.user.veloxzone.com.br>
Feb 14 22:53:50 Golf1 postfix/smtpd[17806]: NOQUEUE: reject: RCPT from unknown[187.126.64.252]: 554 5.7.1 <rick@crosoer.com>: Relay access denied; from=<Amado@digital-musik.de> to=<rick@crosoer.com> proto=SMTP helo=<18712664252.user.veloxzone.com.br>
Feb 14 22:53:51 Golf1 postfix/smtpd[17806]: disconnect from unknown[187.126.64.252]
Feb 15 00:55:02 Golf1 postfix/smtpd[22598]: lost connection after CONNECT from localhost[::1]
Feb 15 00:55:02 Golf1 postfix/smtpd[22598]: disconnect from localhost[::1]
Feb 15 00:57:09 Golf1 clamd[9221]: SelfCheck: Database status OK.
Feb 15 00:59:38 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<Administrator>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 00:59:38 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<spam>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
eb 15 00:59:45 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<abby>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 00:59:47 Golf1 dovecot: auth-worker(default): mysql: Connected to localhost (dbispconfig)
Feb 15 00:59:48 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<Administrator>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:00:00 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<agent>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:00:01 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<alberto>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:00:01 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<alyssa>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:00:02 Golf1 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Feb 15 01:00:02 Golf1 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Feb 15 01:00:02 Golf1 postfix/smtpd[22868]: connect from localhost[::1]
Feb 15 01:00:02 Golf1 postfix/smtpd[22868]: lost connection after CONNECT from localhost[::1]
Feb 15 01:00:02 Golf1 postfix/smtpd[22868]: disconnect from localhost[::1]
Feb 15 01:00:03 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<aaron>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:00:04 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<amy>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:00:04 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<alfred>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
b 15 01:00:07 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<alpha>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:00:07 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<america>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:00:07 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<amorphic>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:00:07 Golf1 dovecot: auth-worker(default): mysql: Connected to localhost (dbispconfig)
Feb 15 01:00:08 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<abigail>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:23 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<allen>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:23 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<deborah>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:23 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<frank>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:23 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<eve>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:23 Golf1 dovecot: pop3-login: Aborted login (no auth attempts): rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:24 Golf1 dovecot: pop3-login: Aborted login (no auth attempts): rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:24 Golf1 dovecot: pop3-login: Aborted login (no auth attempts): rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:24 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<john>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:24 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<austin>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
FFeb 15 01:08:24 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<hayden>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:24 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<linda>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:24 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<elaine>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:25 Golf1 dovecot: pop3-login: Aborted login (no auth attempts): rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:25 Golf1 dovecot: pop3-login: Aborted login (no auth attempts): rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:25 Golf1 dovecot: pop3-login: Aborted login (no auth attempts): rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:25 Golf1 dovecot: pop3-login: Disconnected (no auth attempts): rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:25 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<harris>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:25 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<emails>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:25 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<mattie>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:25 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<geo>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:26 Golf1 dovecot: pop3-login: Aborted login (no auth attempts): rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:26 Golf1 dovecot: pop3-login: Aborted login (no auth attempts): rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:26 Golf1 dovecot: pop3-login: Aborted login (no auth attempts): rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:26 Golf1 dovecot: pop3-login: Aborted login (no auth attempts): rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:26 Golf1 dovecot: pop3-login: Aborted login (no auth attempts): rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:26 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<karla>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:26 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<gregory>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
Feb 15 01:08:26 Golf1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<lilith>, method=PLAIN, rip=201.210.244.40, lip=192.168.1.14
FFeb 15 09:54:54 Golf1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<kanegon@co.uk>, method=PLAIN, rip=200.7.160.51, lip=192.168.1.14
Feb 15 09:54:57 Golf1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<kishigami@co.uk>, method=PLAIN, rip=200.7.160.51, lip=192.168.1.14
Feb 15 09:55:00 Golf1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<kubota@co.uk>, method=PLAIN, rip=200.7.160.51, lip=192.168.1.14
Feb 15 09:55:02 Golf1 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Feb 15 09:55:02 Golf1 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Feb 15 09:55:02 Golf1 postfix/smtpd[14543]: connect from localhost[::1]
Feb 15 09:55:02 Golf1 postfix/smtpd[14543]: lost connection after CONNECT from localhost[::1]
Feb 15 09:55:02 Golf1 postfix/smtpd[14543]: disconnect from localhost[::1]
Feb 15 09:55:03 Golf1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<kuroda@co.uk>, method=PLAIN, rip=200.7.160.51, lip=192.168.1.14
Feb 15 09:55:06 Golf1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<motoki@co.uk>, method=PLAIN, rip=200.7.160.51, lip=192.168.1.14
Feb 15 09:55:09 Golf1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<oonishi@co.uk>, method=PLAIN, rip=200.7.160.51, lip=192.168.1.14
Feb 15 09:55:12 Golf1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): method=PLAIN, rip=200.7.160.51, lip=192.168.1.14
Feb 15 09:55:13 Golf1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<@co.uk>, method=PLAIN, rip=200.7.160.51, lip=192.168.1.14
Feb 15 09:57:11 Golf1 clamd[9221]: SelfCheck: Database status OK.
Feb 15 10:00:02 Golf1 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Feb 15 10:00:02 Golf1 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Feb 15 10:00:03 Golf1 postfix/smtpd[14752]: connect from localhost[::1]
Feb 15 10:00:03 Golf1 postfix/smtpd[14752]: lost connection after CONNECT from localhost[::1]
Feb 15 10:00:03 Golf1 postfix/smtpd[14752]: disconnect from localhost[::1]
Feb 15 10:00:27 Golf1 postfix/smtpd[14752]: connect from unknown[122.163.16.231]
Feb 15 10:00:29 Golf1 postfix/smtpd[14752]: NOQUEUE: reject: RCPT from unknown[122.163.16.231]: 554 5.7.1 <rick@crosoer.com>: Relay access denied; from=<labialdissertation@elsevier.com> to=<rick@crosoer.com> proto=SMTP helo=<manoj3cb87e10e>
Feb 15 10:00:29 Golf1 postfix/smtpd[14752]: lost connection after RCPT from unknown[122.163.16.231]
Feb 15 10:00:29 Golf1 postfix/smtpd[14752]: disconnect from unknown[122.163.16.231]
Feb 15 10:00:33 Golf1 postfix/smtpd[14752]: connect from unknown[121.15.4.201]
Feb 15 10:00:34 Golf1 postfix/smtpd[14752]: NOQUEUE: reject: RCPT from unknown[121.15.4.201]: 554 5.7.1 <452ebf2d.6090008@crosoer.com>: Relay access denied; from=<beverleyzg6@taupower.se> to=<452ebf2d.6090008@crosoer.com> proto=ESMTP helo=<[121.15.4.201]>
Feb 15 10:00:34 Golf1 postfix/smtpd[14752]: disconnect from unknown[121.15.4.201]
Feb 15 10:03:54 Golf1 postfix/anvil[14802]: statistics: max connection rate 1/60s for (smtp:122.163.16.231) at Feb 15 10:00:27
Feb 15 10:03:54 Golf1 postfix/anvil[14802]: statistics: max connection count 1 for (smtp:122.163.16.231) at Feb 15 10:00:27
Feb 15 10:03:54 Golf1 postfix/anvil[14802]: statistics: max cache size 2 at Feb 15 10:00:33
Feb 15 10:05:02 Golf1 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Feb 15 10:05:02 Golf1 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Feb 15 10:05:02 Golf1 postfix/smtpd[14966]: connect from localhost[::1]
Feb 15 10:05:02 Golf1 postfix/smtpd[14966]: lost connection after CONNECT from localhost[::1]
Feb 15 10:05:02 Golf1 postfix/smtpd[14966]: disconnect from localhost[::1]
Feb 15 10:06:31 Golf1 postfix/smtpd[14966]: connect from unknown[117.207.91.54]
Feb 15 12:29:53 Golf1 postfix/smtpd[20797]: NOQUEUE: reject: RCPT from unknown[77.208.201.0]: 554 5.7.1 <452ed750.8080606@crosoer.com>: Relay access denied; from=<kathy49@realliving.com> to=<452ed750.8080606@crosoer.com> proto=ESMTP helo=<[77.208.201.0]>
Feb 15 12:29:53 Golf1 postfix/smtpd[20797]: NOQUEUE: reject: RCPT from unknown[77.208.201.0]: 554 5.7.1 <nsuk@crosoer.com>: Relay access denied; from=<kathy49@realliving.com> to=<nsuk@crosoer.com> proto=ESMTP helo=<[77.208.201.0]>
Feb 15 12:29:53 Golf1 postfix/smtpd[20797]: NOQUEUE: reject: RCPT from unknown[77.208.201.0]: 554 5.7.1 <petgord34truew@crosoer.com>: Relay access denied; from=<kathy49@realliving.com> to=<petgord34truew@crosoer.com> proto=ESMTP helo=<[77.208.201.0]>
Feb 15 12:29:53 Golf1 postfix/smtpd[20797]: disconnect from unknown[77.208.201.0]
Feb 15 12:29:54 Golf1 postfix/smtpd[20797]: connect from unknown[77.208.201.0]
Feb 15 12:29:54 Golf1 postfix/smtpd[20797]: NOQUEUE: reject: RCPT from unknown[77.208.201.0]: 554 5.7.1 <rick@crosoer.com>: Relay access denied; from=<canting786@iicbelgium.com> to=<rick@crosoer.com> proto=ESMTP helo=<[77.208.201.0]>
Feb 15 12:29:54 Golf1 postfix/smtpd[20797]: NOQUEUE: reject: RCPT from unknown[77.208.201.0]: 554 5.7.1 <siamvi@crosoer.com>: Relay access denied; from=<canting786@iicbelgium.com> to=<siamvi@crosoer.com> proto=ESMTP helo=<[77.208.201.0]>
Feb 15 12:29:54 Golf1 postfix/smtpd[20797]: disconnect from unknown[77.208.201.0]
Feb 15 12:30:02 Golf1 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Feb 15 12:35:02 Golf1 postfix/smtpd[21053]: connect from localhost[::1]
Feb 15 12:35:02 Golf1 postfix/smtpd[21053]: lost connection after CONNECT from localhost[::1]
Feb 15 12:35:02 Golf1 postfix/smtpd[21053]: disconnect from localhost[::1]
Feb 15 12:37:12 Golf1 clamd[9221]: SelfCheck: Database status OK.
Feb 15 12:40:03 Golf1 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Feb 15 12:40:03 Golf1 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Feb 15 12:40:03 Golf1 postfix/smtpd[21238]: connect from localhost[::1]
Feb 15 12:40:03 Golf1 postfix/smtpd[21238]: lost connection after CONNECT from localhost[::1]
Feb 15 12:40:03 Golf1 postfix/smtpd[21238]: disconnect from localhost[::1]
Feb 15 12:45:02 Golf1 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Feb 15 12:45:02 Golf1 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Feb 15 12:45:03 Golf1 postfix/smtpd[21452]: connect from localhost[::1]
Feb 15 12:45:03 Golf1 postfix/smtpd[21452]: lost connection after CONNECT from localhost[::1]
Feb 15 12:45:03 Golf1 postfix/smtpd[21452]: disconnect from localhost[::1]
Reply With Quote