02-09-2004, 04:47 PM   #1
jimi_j
sendmail logwatch interpretation


Hello there, just wondering what some of the entries in the logwatch for our email server might mean... I’ve spent a good hour trawling the net looking for explanations of certain fields... I’m particularly interested in the **Unmatched Entries** & Unknown Users. What are these fields trying to tell me when they collect information?

“’xcuse me I’m new in town”
 
02-22-2004, 01:19 PM   #2
trickykid
If you provide more details like the full output of the logs, it might be easier to determine what they mean or what your mail server is logging.
 
03-07-2004, 08:19 PM   #3
jimi_j
Hi there, here’s one of the daily logs. It's a bit long, but I am curious as to why there are so many entries under the **Unmatched Entries** in sendmail's section. Any thoughts on this would be appreciated.

Thanks

################### LogWatch 4.3.1 (01/13/03) ####################
Processing Initiated: Fri Mar 5 04:02:11 2004
Date Range Processed: yesterday
Detail Level of Output: 0
Logfiles for Host: ################################################################

--------------------- ftpd-xferlog Begin ------------------------

TOTAL KB OUT: 90KB (0MB)
TOTAL KB IN: 90KB (0MB)

---------------------- ftpd-xferlog End -------------------------


--------------------- proftpd-messages Begin ------------------------


**Unmatched Entries**
musiccarriers.co.nz (61.54.75.54[61.54.75.54]) - no such user 'anonymous@ftp.microsoft.com'

---------------------- proftpd-messages End -------------------------





--------------------- sendmail Begin ------------------------



4 messages returned after 4 hours

Unknown users:
competitions@nz.playstation.com: 4 Times(s)
completition@nz.playstation.com: 1 Times(s)


Unknown hosts:
hoteladm.com: 1 Times(s)
ms51.hinet.com: 1 Times(s)
pinnacle-hospitality.com.au: 1 Times(s)


Did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA:
68.166.12.184 : 1 Time(s)
213.190.44.53 : 1 Time(s)
81.136.210.248 : 1 Time(s)
81.133.161.138 : 1 Time(s)

**Unmatched Entries**
<"Sarah" <sarah@togethercollection.com>>... User unknown: 286 Time(s)
<"Jess Liz Nat Susie Katie and Michele" <michele_bucher@mail.mtwp.k12.pa.us; elizabeth.moyer@hewitt.com; JessicaHoward3@aol.com; ktdut@hotmai>>... Invalid route address: 276 Time(s)
<"Phil & Vicky" <vwong@didcotgirls.oxon.sch.uk;phillip.wong@groupgti.com>>... Invalid route address: 276 Time(s)
<"Holly and Denise" <HDevoto@aol.com Flbdab@aol.com>>... Invalid route address: 276 Time(s)
<"Tony and Gail" <tonyp8600@yahoo.com;GailPao@cs.com>>... Invalid route address: 276 Time(s)
<"Friends" <cagnell@austin.rr.com; reesej@bible.acu.edu; msajeffrey@charter.net>>... Invalid route address: 276 Time(s)
<"Ida Trish and Barb" <IDATROP6@aol.com ROBYNNEST@worldnet.att.net Pjmontini@aol.com>>... Invalid route address: 276 Time(s)
<"Annie and Tom" <ann.white@bofasecurities.com twcreate@cybernex.net>>... Invalid route address: 276 Time(s)
<"Papi Abuelo" <tina@ahora.net; mariel.rodriguez@DoralBank.com;RodrigS@wyeth.com;carito@ahora.net>>... Invalid route address: 275 Time(s)
<"Lisa and Sally" <lisa.willis@qr.com.au Sally.willis@qtcu.com.au>>... Invalid route address: 275 Time(s)
<"Vane y Mariela" <marielat3@aol.com;vatocoed@zonai.com>>... Invalid route address: 275 Time(s)
ruleset=check_relay, arg1=155.86.215.220.ap.yournet.ne.jp, arg2=220.215.86.155, relay=155.86.215.220.ap.yournet.ne.jp [220.215.86.155], reject=550 5.7.1 Rejected: 220.215.86.155 listed at dnsbl.sorbs.net: 30 Time(s)
daemon MTA: problem creating SMTP socket: 18 Time(s)
SYSERR(root): opendaemonsocket: daemon MTA: cannot bind: Address already in use: 18 Time(s)
ruleset=check_relay, arg1=js1.joyfulsavings.com, arg2=207.134.163.199, relay=js1.joyfulsavings.com [207.134.163.199], reject=550 5.7.1 Rejected: 207.134.163.199 listed at sbl-xbl.spamhaus.org: 10 Time(s)
ruleset=check_relay, arg1=sfd1.smiles4udeals.com, arg2=207.134.163.192, relay=sfd1.smiles4udeals.com [207.134.163.192], reject=550 5.7.1 Rejected: 207.134.163.192 listed at sbl-xbl.spamhaus.org: 7 Time(s)
ruleset=check_relay, arg1=smtp1.clear.net.nz, arg2=203.97.33.27, relay=smtp1.clear.net.nz [203.97.33.27], reject=550 5.7.1 Rejected: 203.97.33.27 listed at dnsbl.sorbs.net: 4 Time(s)
ruleset=check_relay, arg1=dialup105.nakasi.as3.is.com.fj, arg2=202.62.127.168, relay=dialup105.nakasi.as3.is.com.fj [202.62.127.168], reject=550 5.7.1 Rejected: 202.62.127.168 listed at dnsbl.sorbs.net: 3 Time(s)
ruleset=check_relay, arg1=so1.smilesoffer.com, arg2=207.134.163.194, relay=so1.smilesoffer.com [207.134.163.194], reject=550 5.7.1 Rejected: 207.134.163.194 listed at sbl-xbl.spamhaus.org: 3 Time(s)
ruleset=check_relay, arg1=jd1.jogdog.com, arg2=207.134.163.99, relay=jd1.jogdog.com [207.134.163.99], reject=550 5.7.1 Rejected: 207.134.163.99 listed at sbl-xbl.spamhaus.org: 2 Time(s)
ruleset=check_relay, arg1=fofa1.funofferz4all.com, arg2=207.134.163.100, relay=fofa1.funofferz4all.com [207.134.163.100], reject=550 5.7.1 Rejected: 207.134.163.100 listed at sbl-xbl.spamhaus.org: 2 Time(s)
discarded: 2 Time(s)
ruleset=check_relay, arg1=gad1.greatamericandealz.com, arg2=207.134.163.39, relay=gad1.greatamericandealz.com [207.134.163.39], reject=550 5.7.1 Rejected: 207.134.163.39 listed at sbl-xbl.spamhaus.org: 2 Time(s)
ruleset=check_relay, arg1=216-160-192-3.phnx.qwest.net, arg2=216.160.192.3, relay=216-160-192-3.phnx.qwest.net [216.160.192.3], reject=550 5.7.1 Rejected: 216.160.192.3 listed at dnsbl.sorbs.net: 2 Time(s)
ruleset=check_relay, arg1=138.225.186.195.cust.bluewin.ch, arg2=195.186.225.138, relay=138.225.186.195.cust.bluewin.ch [195.186.225.138] (may be forged), reject=550 5.7.1 Rejected: 195.186.225.138 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=sw74-224-121.adsl.seed.net.tw, arg2=211.74.224.121, relay=sw74-224-121.adsl.seed.net.tw [211.74.224.121], reject=550 5.7.1 Rejected: 211.74.224.121 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=bgm-24-95-140-224.stny.rr.com, arg2=24.95.140.224, relay=bgm-24-95-140-224.stny.rr.com [24.95.140.224], reject=550 5.7.1 Rejected: 24.95.140.224 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=host132.cashclaim.net, arg2=64.201.117.132, relay=host132.cashclaim.net [64.201.117.132], reject=550 5.7.1 Rejected: 64.201.117.132 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=[218.13.101.33], arg2=218.13.101.33, relay=[218.13.101.33], reject=550 5.7.1 Rejected: 218.13.101.33 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=bm-3a.paradise.net.nz, arg2=202.0.58.22, relay=bm-3a.paradise.net.nz [202.0.58.22], reject=550 5.7.1 Rejected: 202.0.58.22 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=host198.discounts2go.com, arg2=66.54.93.198, relay=host198.discounts2go.com [66.54.93.198], reject=550 5.7.1 Rejected: 66.54.93.198 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=[218.200.166.9], arg2=218.200.166.9, relay=[218.200.166.9], reject=550 5.7.1 Rejected: 218.200.166.9 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=evrtwa1-ar4-4-35-106-252.evrtwa1.elnk.dsl.genuity.net, arg2=4.35.106.252, relay=evrtwa1-ar4-4-35-106-252.evrtwa1.elnk.dsl.genuity.net [4.35.106.252], reject=550 5.7.1 Rejected: 4.35.106.252 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=[194.132.65.20], arg2=194.132.65.20, relay=[194.132.65.20], reject=550 5.7.1 Rejected: 194.132.65.20 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=mail6.optinmaildomain.com, arg2=69.6.40.14, relay=mail6.optinmaildomain.com [69.6.40.14], reject=550 5.7.1 Rejected: 69.6.40.14 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_mail, arg1=<spyware.e261me@try4free.net>, relay=localhost [127.0.0.1] (may be forged), discard: 1 Time(s)
ruleset=check_relay, arg1=LL-61-66-17-208.LL.sparqnet.net, arg2=61.66.17.208, relay=LL-61-66-17-208.LL.sparqnet.net [61.66.17.208], reject=550 5.7.1 Rejected: 61.66.17.208 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=modem-2275.bonobo.dialup.pol.co.uk, arg2=217.134.56.227, relay=modem-2275.bonobo.dialup.pol.co.uk [217.134.56.227], reject=550 5.7.1 Rejected: 217.134.56.227 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=universe190.globaldial.com, arg2=202.74.163.190, relay=universe190.globaldial.com [202.74.163.190], reject=550 5.7.1 Rejected: 202.74.163.190 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=[203.82.168.133], arg2=203.82.168.133, relay=[203.82.168.133], reject=550 5.7.1 Rejected: 203.82.168.133 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=sl1.sandlight.net, arg2=207.134.163.106, relay=sl1.sandlight.net [207.134.163.106], reject=550 5.7.1 Rejected: 207.134.163.106 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=d123158.upc-d.chello.nl, arg2=213.46.123.158, relay=d123158.upc-d.chello.nl [213.46.123.158], reject=550 5.7.1 Rejected: 213.46.123.158 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=host38.finddirectdeals.com, arg2=64.201.126.38, relay=host38.finddirectdeals.com [64.201.126.38], reject=550 5.7.1 Rejected: 64.201.126.38 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=host133.approveddeals.com, arg2=66.117.28.133, relay=host133.approveddeals.com [66.117.28.133], reject=550 5.7.1 Rejected: 66.117.28.133 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=CA03F0C9.dialup.mana.pf, arg2=202.3.240.201, relay=CA03F0C9.dialup.mana.pf [202.3.240.201], reject=550 5.7.1 Rejected: 202.3.240.201 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=[199.40.205.253], arg2=199.40.205.253, relay=[199.40.205.253], reject=550 5.7.1 Rejected: 199.40.205.253 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=[218.25.10.3], arg2=218.25.10.3, relay=[218.25.10.3], reject=550 5.7.1 Rejected: 218.25.10.3 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=go1.grandofferz.com, arg2=207.134.163.202, relay=go1.grandofferz.com [207.134.163.202], reject=550 5.7.1 Rejected: 207.134.163.202 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=210-54-78-4.dialup.xtra.co.nz, arg2=210.54.78.4, relay=210-54-78-4.dialup.xtra.co.nz [210.54.78.4], reject=550 5.7.1 Rejected: 210.54.78.4 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=mail10.optinmaildomain.com, arg2=69.6.40.18, relay=mail10.optinmaildomain.com [69.6.40.18], reject=550 5.7.1 Rejected: 69.6.40.18 listed at sbl-xbl.spamhaus.org: 1 Time(s)
DSN: User unknown: 1 Time(s)
ruleset=check_relay, arg1=node-c-d398.a2000.nl, arg2=62.194.211.152, relay=node-c-d398.a2000.nl [62.194.211.152], reject=550 5.7.1 Rejected: 62.194.211.152 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=mail4.optinmaildomain.com, arg2=69.6.40.12, relay=mail4.optinmaildomain.com [69.6.40.12], reject=550 5.7.1 Rejected: 69.6.40.12 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=203-96-99-68.dialup.xtra.co.nz, arg2=203.96.99.68, relay=203-96-99-68.dialup.xtra.co.nz [203.96.99.68], reject=550 5.7.1 Rejected: 203.96.99.68 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=210-86-45-199.dialup.xtra.co.nz, arg2=210.86.45.199, relay=210-86-45-199.dialup.xtra.co.nz [210.86.45.199], reject=550 5.7.1 Rejected: 210.86.45.199 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=KH222-156-78-32.adsl.pl.apol.com.tw, arg2=222.156.78.32, relay=KH222-156-78-32.adsl.pl.apol.com.tw [222.156.78.32] (may be forged), reject=550 5.7.1 Rejected: 222.156.78.32 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=mail5.optinmaildomain.com, arg2=69.6.40.13, relay=mail5.optinmaildomain.com [69.6.40.13], reject=550 5.7.1 Rejected: 69.6.40.13 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=[203.94.248.85], arg2=203.94.248.85, relay=[203.94.248.85], reject=550 5.7.1 Rejected: 203.94.248.85 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=host125.samplesdirect.net, arg2=66.117.30.125, relay=host125.samplesdirect.net [66.117.30.125], reject=550 5.7.1 Rejected: 66.117.30.125 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=APlessis-Bouchard-105-1-1-181.w80-11.abo.wanadoo.fr, arg2=80.11.118.181, relay=APlessis-Bouchard-105-1-1-181.w80-11.abo.wanadoo.fr [80.11.118.181], reject=550 5.7.1 Rejected: 80.11.118.181 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=Jamie.cpe.leeds.al.charter.com, arg2=68.185.148.8, relay=Jamie.cpe.leeds.al.charter.com [68.185.148.8] (may be forged), reject=550 5.7.1 Rejected: 68.185.148.8 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=[218.17.220.18], arg2=218.17.220.18, relay=[218.17.220.18], reject=550 5.7.1 Rejected: 218.17.220.18 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=host245.extremepricecuts.net, arg2=64.201.120.245, relay=host245.extremepricecuts.net [64.201.120.245], discard: 1 Time(s)
ruleset=check_relay, arg1=adsl-208-189-83-117.dsl.rcsntx.swbell.net, arg2=208.189.83.117, relay=adsl-208-189-83-117.dsl.rcsntx.swbell.net [208.189.83.117], reject=550 5.7.1 Rejected: 208.189.83.117 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_mail, arg1=<sun.c889me@extremepricecuts.net>, relay=host245.extremepricecuts.net [64.201.120.245], discard: 1 Time(s)
ruleset=check_relay, arg1=adsl-68-123-167-190.dsl.lsan03.pacbell.net, arg2=68.123.167.190, relay=adsl-68-123-167-190.dsl.lsan03.pacbell.net [68.123.167.190], reject=550 5.7.1 Rejected: 68.123.167.190 listed at dnsbl.sorbs.net: 1 Time(s)

---------------------- sendmail End -------------------------


###################### LogWatch End #########################
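
One way to triage a sendmail **Unmatched Entries** list like the one posted above, as an added example that is not part of the thread: the script groups the lines by their visible shape (DNSBL rejections per blocklist zone, address errors, daemon socket errors, ruleset discards) and sums the counts. The sample lines are constructed in the same format with documentation addresses, and the category names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the logwatch "Unmatched Entries" format (not real data).
SAMPLE = """\
<"A" <a@example.org>>... User unknown: 286 Time(s)
<"B and C" <b@example.org;c@example.net>>... Invalid route address: 276 Time(s)
ruleset=check_relay, arg1=host.example.net, arg2=192.0.2.10, relay=host.example.net [192.0.2.10], reject=550 5.7.1 Rejected: 192.0.2.10 listed at dnsbl.sorbs.net: 30 Time(s)
ruleset=check_relay, arg1=[198.51.100.7], arg2=198.51.100.7, relay=[198.51.100.7], reject=550 5.7.1 Rejected: 198.51.100.7 listed at sbl-xbl.spamhaus.org: 10 Time(s)
daemon MTA: problem creating SMTP socket: 18 Time(s)
SYSERR(root): opendaemonsocket: daemon MTA: cannot bind: Address already in use: 18 Time(s)
ruleset=check_mail, arg1=<x@example.com>, relay=localhost [127.0.0.1] (may be forged), discard: 1 Time(s)
discarded: 2 Time(s)
""".splitlines()

# Each unmatched line is "<message>: N Time(s)"; the greedy match keeps
# colons inside the message and splits only on the trailing count.
COUNT_RE = re.compile(r"^(?P<msg>.*): (?P<n>\d+) Time\(s\)$")
DNSBL_RE = re.compile(r"reject=550 5\.7\.1 Rejected: (?P<ip>\S+) listed at (?P<zone>\S+)$")

def classify(msg):
    """Return (category, detail) for one message; categories are this example's own."""
    m = DNSBL_RE.search(msg)
    if m:
        return "dnsbl_reject", m.group("zone")
    if msg.startswith("ruleset=") and msg.endswith("discard"):
        return "ruleset_discard", msg.split(",", 1)[0].split("=", 1)[1]
    if "cannot bind" in msg or "problem creating SMTP socket" in msg:
        return "daemon_socket_error", None
    if msg.endswith("Invalid route address"):
        return "invalid_route_address", None
    if msg.endswith("User unknown"):
        return "user_unknown", None
    return "other", None

def summarize(lines):
    """Sum the per-line counts by category and, for DNSBL rejects, by zone."""
    by_category, by_zone = Counter(), Counter()
    for line in lines:
        m = COUNT_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, anything without a count
        cat, detail = classify(m.group("msg"))
        n = int(m.group("n"))
        by_category[cat] += n
        if cat == "dnsbl_reject":
            by_zone[detail] += n
    return by_category, by_zone
```

Calling `summarize()` on the lines between `**Unmatched Entries**` and `sendmail End` of a saved report gives the totals per category, which shows at a glance whether the volume comes from blocklist rejections, malformed recipient addresses, or the daemon failing to bind its port.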