
I am using a mail server on RHEL 5 with SquirrelMail webmail and sendmail and found some log entries. Does it mean any attack on my server?

aloknet21 asked
Last Modified: 2013-12-18
I have found this log on the mail server. Does it mean there is an attack on my server?
 
dovecot:
    Authentication Failures:
        rhost=::ffff:10.50.0.2 : 125 Time(s)
       root: 9 Time(s)
       sales: 3 Time(s)
       adm: 1 Time(s)
       apache: 1 Time(s)
       backup: 1 Time(s)
       bin: 1 Time(s)
       clamav: 1 Time(s)
       daemon: 1 Time(s)
       ftp: 1 Time(s)
       games: 1 Time(s)
       gopher: 1 Time(s)
       halt: 1 Time(s)
       lp: 1 Time(s)
       mail: 1 Time(s)
       mailnull: 1 Time(s)
       mysql: 1 Time(s)
       news: 1 Time(s)
       nfsnobody: 1 Time(s)
       nobody: 1 Time(s)
       operator: 1 Time(s)
       postgres: 1 Time(s)
       rpc: 1 Time(s)
       rpcuser: 1 Time(s)
       rpm: 1 Time(s)
       shutdown: 1 Time(s)
       smmsp: 1 Time(s)
       sshd: 1 Time(s)
       sync: 1 Time(s)
       uucp: 1 Time(s)
    Unknown Entries:
       check pass; user unknown: 125 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 
 
 
 --------------------- Connections (secure-log) Begin ------------------------ 
 
 
 **Unmatched Entries**
 webmin[14051]: Successful login as root from 10.50.1.6 
 webmin[15142]: Logout by root from 10.50.1.6 
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user staff
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user administrator
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user recruit
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user alias
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user office
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user samba
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user tomcat
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user webadmin
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user spam
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user virus
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user cyrus
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user oracle
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user michael
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user test
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user webmaster
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user postmaster
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user postfix
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user paul
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user guest
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user admin
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user linux
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user user
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user david
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user web
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user pgsql
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user info
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user tony
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user core
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user newsletter
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user named
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user visitor
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user ftpuser
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user username
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user administrator
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user library
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user test
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user admin
 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user guest
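
The summary above shows one source address failing against a long list of account names, most of which do not exist on the server. The following is an added example, not part of the original post, that pulls the same picture out of the raw log per source address; it assumes the usual pam_unix failure line format, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed pam_unix line format; "user=" is only present for existing accounts.
FAIL = re.compile(
    r"pam_unix\(dovecot:auth\): authentication failure;.*?"
    r"\bruser=(?P<ruser>\S*)\s+rhost=(?P<rhost>\S+)(?:\s+user=(?P<user>\S+))?"
)

def summarize(lines):
    """Group dovecot PAM authentication failures by source address."""
    stats = defaultdict(lambda: {"failures": 0, "names": set(), "real": set()})
    for line in lines:
        m = FAIL.search(line)
        if not m:
            continue
        s = stats[m["rhost"]]
        s["failures"] += 1
        s["names"].add(m["user"] or m["ruser"])
        if m["user"]:  # an account that exists on this server was targeted
            s["real"].add(m["user"])
    return dict(stats)

def flag_guessing(stats, min_names=5):
    """Keep sources that failed against at least min_names different names."""
    return {h: s for h, s in stats.items() if len(s["names"]) >= min_names}

# Constructed sample, not the poster's raw log: account names and 10.50.0.2
# come from the summary above; timestamp, host name and 192.0.2.10 are made up.
PREFIX = ("Dec 18 03:12:01 mail dovecot-auth: pam_unix(dovecot:auth): "
          "authentication failure; logname= uid=0 euid=0 tty=dovecot ")
UNKNOWN = ["staff", "administrator", "recruit", "alias", "office", "samba"]
SAMPLE = [f"{PREFIX}ruser={u} rhost=::ffff:10.50.0.2" for u in UNKNOWN]
SAMPLE += [f"{PREFIX}ruser=root rhost=::ffff:10.50.0.2  user=root"] * 2
SAMPLE += [f"{PREFIX}ruser=sales rhost=::ffff:192.0.2.10  user=sales"]

if __name__ == "__main__":
    for host, s in flag_guessing(summarize(SAMPLE)).items():
        print(host, s["failures"], "failures,", len(s["names"]), "names,",
              "existing accounts tried:", sorted(s["real"]))
```

The `real` set is the part to review first: those accounts exist on the server, so their passwords are what the failed attempts were tested against.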


Author

Commented:
Thank you very much.

Jar, if you remember, I asked a question about mail going to the spam folder at Yahoo and Gmail.

My ISP has cleared all blacklistings from their side, and I put a question to Yahoo. They have suggested some tips too, but I need your help too; please see their response here.

> 1. The specific domain name and IP address(es) of the email machines
> that experienced the delivery issue when trying to send to Yahoo! Mail.
>
>   IP address:                   61.16.236.205
>   Domain name:                  mail.glyphinternational.com
>   DNS shows:                    [No host name is associated with this
> IP address]
>
> 2. The results of a DNS & RDNS query for the mail server with delivery
> issues showing that you are resolving IP and domain name correctly.
> Your mail server IP reverse DNS should reflect your domain in the name.
>
> Please review the following link for assistance in correct configuration
> of SMTP and DNS:
>
>   http://www.saas.nsw.edu.au/solutions/dns.html
>
> The server should have a fully qualified hostname (FQDN).  The hostname
> should resolve to an A record. (DNS) The IP address should resolve to
> the server domain name.(RDNS)  The MX record for the domain for which
> you wish to receive mail should point to the domain name of your
> dedicated mail server.  There should be a PTR record for the IP address
> of your server.
>
> We greatly appreciate your assistance and patience.
>
> Thank you again for contacting Yahoo! Mail. Your case number for this
> issue is 62072053. Please reference it in all future communication about
> this particular issue.
>
> Regards,
>
> Ashlar
>
> Yahoo! Customer Care
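
The checks listed in the quoted reply (a fully qualified hostname, an A record for it, and a PTR record that maps the IP back to the same name) can be scripted. The following is an added example, not part of the original post or of Yahoo's reply; it uses the system resolver through Python's `socket` module, leaves out the MX check because the standard library has no MX lookup, and the addresses in the demo are constructed documentation values.

```python
import socket

def ptr_lookup(ip):
    """Names the PTR record for ip points to ([] if there is none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def a_lookup(host):
    """IPv4 addresses the A record(s) for host resolve to ([] if none)."""
    try:
        return socket.gethostbyname_ex(host)[2]
    except OSError:
        return []

def norm(name):
    return name.rstrip(".").lower()

def check_mail_dns(ip, hostname, ptr=ptr_lookup, a=a_lookup):
    """Return the list of A/PTR problems; an empty list means consistent."""
    problems = []
    if "." not in norm(hostname):
        problems.append(f"{hostname} is not a fully qualified hostname")
    if ip not in a(hostname):
        problems.append(f"A record for {hostname} does not resolve to {ip}")
    names = [norm(n) for n in ptr(ip)]
    if not names:
        problems.append(f"no PTR record for {ip}")
    elif norm(hostname) not in names:
        problems.append(f"PTR for {ip} is {names}, not {hostname}")
    return problems

def demo():
    """Constructed records: A record present, PTR missing (the reported case)."""
    a = lambda host: {"mail.example.com": ["192.0.2.25"]}.get(host, [])
    return check_mail_dns("192.0.2.25", "mail.example.com",
                          ptr=lambda ip: [], a=a)

if __name__ == "__main__":
    print(demo())
    # Live check against real DNS: check_mail_dns("<server IP>", "<server FQDN>")
```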

Author

Commented:
Helpful