Software :: "You Are Not Allowed To Connect" Messages In Maillog File?
Jun 9, 2011
I have been finding a lot of "You are Not allowed to connect" messages in my maillog file.
And the email addresses are not in my forum database. I've checked my server for rootkits and there are none installed, and I've also used mxtoolbox to test my server as an open relay and it says it's not an open relay. However, I am seeing bounces that show 'relay' and I wonder exactly what I'm looking at, and I am asking for some help in identifying the nature of these emails. Here are a few examples; they seem to come in "spurts" when I'm tailing the maillog file. There's never anything waiting in the queue to be delivered.
Jun 9 15:12:29 mysite postfix/smtp[13642]: 51EA914B90DE: to=<jake@jvanderlaan.110mb.com>, relay=none, delay=172540, delays=172538/0.98/0.32/0, dsn=4.4.1, status=deferred (connect to jvanderlaan.110mb.com[64.191.15.246]: Connection refused)
Jun 9 15:12:29 mysite postfix/smtp[13610]: 9D84914B8186: to=<jake@jvanderlaan.110mb.com>, relay=none, delay=56434, delays=56433/1/0.28/0, dsn=4.4.1, status=deferred (connect to jvanderlaan.110mb.com[64.191.15.246]: Connection refused)
Jun 9 15:12:29 mysite postfix/smtp[13613]: 70ECC14B812A: host
All clients on the LAN have to have their /etc/hosts file edited for my server to resolve their hostnames/LAN IP addresses. This applies to Windows, Mac and Linux clients. That shouldn't be necessary as all other stanzas are correct. If the hosts file is not amended, my maillog shows connect from unknown rip="my_external_address" when in fact it should say connect from "host" rip=192.168.0.20. Not too sure if it is an iptables issue, as I have nothing for this configuration. The /etc/hosts file on the server has all required hostnames and IP addresses.
In the firewall, I opened port 5900 for TCP traffic. Now the console is displaying packet information whenever a connection is made. Why does it send a message to stdout/stderr for an allowed connection? How can I stop it? Logging level is set to critical only, and not-accepted packets should only be logged for the internal and DMZ zones.
I am using a CentOS server. I delete and touch the maillog file in /var/log/maillog, but every other day it grows to about 3 - 4GB. Please help, how can I stop this?
The logs are like this:
Code:
Jun 27 04:23:09 localhost postfix/smtpd[25765]: warning: not enough free space in mail queue: 0 bytes < 1.5*message size limit
Jun 27 04:23:10 localhost postfix/smtpd[25765]: lost connection after MAIL from unknown[200.74.196.82]
Jun 27 04:23:10 localhost postfix/cleanup[25987]: 3F8E110011: message-id=<20100627032310.3F8E110011@localhost.bgssuk.com>
Jun 27 04:23:10 localhost postfix/cleanup[25987]: warning: 3F8E110011: write queue file: No space left on device
I installed and configured a squid transparent proxy on my Linux OS at work. Also, it is very slow, but everything is OK while I do not try to use port 443. When I try to use sites like mail.yahoo.com or others which use the HTTPS (443) port, and the method used is CONNECT, I see some errors in access.log like:
While reading some papers on securing apache with selinux, I have tried to bind httpd to port 3000 expecting to be blocked by the selinux, since port tcp 3000 isn't on the http_port_t list. However I was able to start the service...
I'm pretty sure selinux is enforcing. Also, if I bind httpd to tcp 81, selinux denies the start of the service, as expected! Did I miss something? Why is httpd allowed to start bound to a port that's not explicitly allowed?
I have a problem where I have certain foo.tgz files that are too big to gunzip in a directory; the box that it is on has limited space in /var/tmp for all intents and purposes. I did the standard gunzip -l to see how big the file was.
How can I look in the .tgz to see what files are there and pull out only the ones that I need? tar -t foo.tgz doesn't seem to work, or am I doing something wrong?
Once I do find the file, how do I extract only the one file from the .tgz? Remember, I can't uncompress the entire foo.tgz.
I tried Suse five or six years ago and ran into an issue that was not comfortable to work with, so I went back to Windows. The problem was that open spaces between words were not permitted with my music files. I have transferred all of my CDs and LPs to MP3 and have a tremendous number of them, and the Suse of five years ago required I convert a title like Foggy Mountain Special.mp3 into something resembling Foggy_Mountain_Special.mp3
I don't care to convert literally a hundred thousand titles to fit the latter format. Does the current version of Suse allow the use of spaces between the words or is the 'no open space' convention still required?
Situation as follows: I do su to root, then I create an admin file with
cat > adminfile
then I exit from root by issuing the exit command. I can see the following adminfile options:
-rw-r--r-- 1 root root 10 2010-06-16 16:25 adminfile
However, after executing rm adminfile it really gets removed:
-rw-r--r-- 1 root root 10 2010-06-16 16:25 adminfile
[Code]...
As I see it, others have only read permission for that file, so they should not be able to remove it.. :/
I contacted my datacenter and they say it is a browser error,
but I contacted someone else and he says it isn't a browser error, so he asked me to check the log files.
This is what I found in my log files:
[Sun Feb 21 16:36:01 2010] [error] [client xxx.xxx.xxx.xxx] Symbolic link not allowed: /home/server/public_html/files/8/9x7s9tjosopkzb/rzr-prot - BoosterKing - .iso
As you see, it says not allowed,
but for files smaller than 4GB it is fine (I tried it out with 1 GB files and they are fine).
The script I use is a download script, and it creates symbolic links to hide the real location of the file and to limit the download to 1 IP only (it's a download script :P)
It's my first post in here, so please be patient. I am trying to use regex in a Perl script to detect allowed words from the file and then print output to the screen.
As an example: I have a text file with orders and returns:
My question: is it possible to make sure that I am only outputting to the screen orders based on a few conditions like Item, order form, e.g. online? And is it possible to have multiple matches (Item2 only displays if ordered online, etc.)?
I am getting the following error in maillog while I try to enable emailing on the Zabbix server:
tail /var/log/maillog
May 14 10:03:19 localhost sendmail[21522]: o4H63J8U021522: monitor-xxxxx.com [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
When I logged into my desktop, I got a notification that said there were boot messages. I remember trying to find this before in /var/log, so that I could investigate why I couldn't get the nvidia drivers to work (which I now know is because I'm using 14-beta, which has a debugging kernel), but couldn't find it.
I am facing an issue with my syslog server. The server is collecting remote logs as well, and the issue is that no log messages are updated in the /var/log/messages file. But other files are getting updated.
[root@Server1 ~]# cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
I have syslog-ng running and a kernel build of 2.6.34.8. I use the syslog API in my program with facility LOG_LOCAL5 and levels debug, err, crit and info. When I ran on the older syslog facility, I had everything logged fine as I intended. Now I have written these rules into syslog-ng.conf:
Generally SSH related log messages are logged in /var/log/messages file. Is there a way to log them in another different file? I mean is there some configuration setting to enable this?
I am facing a problem while trying to log SSH messages in a separate file, say, /var/log/ssh_logs. I have tried modifying the syslog-ng.conf file as follows:
I have a samba file server that has Windows XP machines connecting to it. Fairly regularly, I get messages such as the following. Are these anything to worry about? What do they mean? Nobody ever has problems with disconnecting or losing their mapped drive or their desktop shortcut not working.
Code:
Nov 15 15:37:21 servername smbd[27516]: [2010/11/15 15:37:21, 0] lib/util_sock.c:read_socket_data(384)
Nov 15 15:37:21 servername smbd[27516]: read_socket_data: recv failure for 4. Error = No route to host
I've just configured my Linksys RVS-4000 router to send syslog messages to a remote syslogd server (i.e. my CentOS5 machine). Redirecting messages was easy, but now I'm having difficulties redirecting those same messages received from the Linksys to a separate log file. By default, all these messages are logged to /var/log/messages, and after browsing the manual pages for syslog, syslog.conf, and syslogd, I came to suspect that what I want isn't possible.
I've been using some subliminal software on Windows for a while now and have found it to be really good. It basically just flashes up a message on screen over the top of whatever is going on at that time, but the message is only there for about 30 milliseconds.
The message is not there long enough for your conscious mind to read it, but the theory is that your subconscious mind will read it. It actually works really well. The problem is that they don't package a Linux version, although they do have an OSX version; I'd really like this on Ubuntu.
I tried it in Wine and it installs, but nothing happens after that. Alternatively, perhaps somebody can tell me how you could get a message to flash up on screen based on a list of messages in a text file?
Is it possible to log the command output history, that is, the messages previously printed in the terminal, to a file? That is, from the first command output when I first opened the terminal through the last command.
Here is the description of the issue I am having. I am writing a bash test script which reads lines from a file, builds ISO messages, sends them to a server, reads the response with the response code, and reports the result of the test to a file or on the screen. The message that I need to send is 94 characters long. Here's the portion of the code that I initially wrote:
#~ Open socket.
exec 3<>/dev/tcp/172.26.0.25/9991
#~ Send msg.
I am running CentOS 5.4 and Postfix. When I start the Postfix server, the maillog immediately starts to grow. And the first lines that I see in it are:
[Code]...
Server is already in several blacklists and I desperately need to do something.