LinuxQuestions.org


jimi_j 02-09-2004 03:47 PM

sendmail logwatch interpretation
 
Hello there, just wondering what some of the entries in the logwatch for our email server might mean... I’ve spent a good hour trawling the net looking for explanations of certain fields... I’m particularly interested in the **Unmatched Entries** & Unknown Users. What are these fields trying to tell me when they collect information?

“’xcuse me I’m new in town”

trickykid 02-22-2004 12:19 PM

If you provide more details like the full output of the logs, it might be easier to determine what they mean or what your mail server is logging.

jimi_j 03-07-2004 07:19 PM

Hi there, here’s one of the daily logs. It’s a bit long, but I am curious as to why there are so many entries under the **Unmatched Entries** in sendmail’s section. Any thoughts on this would be appreciated.

thanks

################### LogWatch 4.3.1 (01/13/03) ####################
Processing Initiated: Fri Mar 5 04:02:11 2004
Date Range Processed: yesterday
Detail Level of Output: 0
Logfiles for Host: ################################################################

--------------------- ftpd-xferlog Begin ------------------------

TOTAL KB OUT: 90KB (0MB)
TOTAL KB IN: 90KB (0MB)

---------------------- ftpd-xferlog End -------------------------


--------------------- proftpd-messages Begin ------------------------


**Unmatched Entries**
musiccarriers.co.nz (61.54.75.54[61.54.75.54]) - no such user 'anonymous@ftp.microsoft.com'

---------------------- proftpd-messages End -------------------------





--------------------- sendmail Begin ------------------------



4 messages returned after 4 hours

Unknown users:
competitions@nz.playstation.com: 4 Times(s)
completition@nz.playstation.com: 1 Times(s)


Unknown hosts:
hoteladm.com: 1 Times(s)
ms51.hinet.com: 1 Times(s)
pinnacle-hospitality.com.au: 1 Times(s)


Did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA:
68.166.12.184 : 1 Time(s)
213.190.44.53 : 1 Time(s)
81.136.210.248 : 1 Time(s)
81.133.161.138 : 1 Time(s)

**Unmatched Entries**
<"Sarah" <sarah@togethercollection.com>>... User unknown: 286 Time(s)
<"Jess Liz Nat Susie Katie and Michele" <michele_bucher@mail.mtwp.k12.pa.us; elizabeth.moyer@hewitt.com; JessicaHoward3@aol.com; ktdut@hotmai>>... Invalid route address: 276 Time(s)
<"Phil & Vicky" <vwong@didcotgirls.oxon.sch.uk;phillip.wong@groupgti.com>>... Invalid route address: 276 Time(s)
<"Holly and Denise" <HDevoto@aol.com Flbdab@aol.com>>... Invalid route address: 276 Time(s)
<"Tony and Gail" <tonyp8600@yahoo.com;GailPao@cs.com>>... Invalid route address: 276 Time(s)
<"Friends" <cagnell@austin.rr.com; reesej@bible.acu.edu; msajeffrey@charter.net>>... Invalid route address: 276 Time(s)
<"Ida Trish and Barb" <IDATROP6@aol.com ROBYNNEST@worldnet.att.net Pjmontini@aol.com>>... Invalid route address: 276 Time(s)
<"Annie and Tom" <ann.white@bofasecurities.com twcreate@cybernex.net>>... Invalid route address: 276 Time(s)
<"Papi Abuelo" <tina@ahora.net; mariel.rodriguez@DoralBank.com;RodrigS@wyeth.com;carito@ahora.net>>... Invalid route address: 275 Time(s)
<"Lisa and Sally" <lisa.willis@qr.com.au Sally.willis@qtcu.com.au>>... Invalid route address: 275 Time(s)
<"Vane y Mariela" <marielat3@aol.com;vatocoed@zonai.com>>... Invalid route address: 275 Time(s)
ruleset=check_relay, arg1=155.86.215.220.ap.yournet.ne.jp, arg2=220.215.86.155, relay=155.86.215.220.ap.yournet.ne.jp [220.215.86.155], reject=550 5.7.1 Rejected: 220.215.86.155 listed at dnsbl.sorbs.net: 30 Time(s)
daemon MTA: problem creating SMTP socket: 18 Time(s)
SYSERR(root): opendaemonsocket: daemon MTA: cannot bind: Address already in use: 18 Time(s)
ruleset=check_relay, arg1=js1.joyfulsavings.com, arg2=207.134.163.199, relay=js1.joyfulsavings.com [207.134.163.199], reject=550 5.7.1 Rejected: 207.134.163.199 listed at sbl-xbl.spamhaus.org: 10 Time(s)
ruleset=check_relay, arg1=sfd1.smiles4udeals.com, arg2=207.134.163.192, relay=sfd1.smiles4udeals.com [207.134.163.192], reject=550 5.7.1 Rejected: 207.134.163.192 listed at sbl-xbl.spamhaus.org: 7 Time(s)
ruleset=check_relay, arg1=smtp1.clear.net.nz, arg2=203.97.33.27, relay=smtp1.clear.net.nz [203.97.33.27], reject=550 5.7.1 Rejected: 203.97.33.27 listed at dnsbl.sorbs.net: 4 Time(s)
ruleset=check_relay, arg1=dialup105.nakasi.as3.is.com.fj, arg2=202.62.127.168, relay=dialup105.nakasi.as3.is.com.fj [202.62.127.168], reject=550 5.7.1 Rejected: 202.62.127.168 listed at dnsbl.sorbs.net: 3 Time(s)
ruleset=check_relay, arg1=so1.smilesoffer.com, arg2=207.134.163.194, relay=so1.smilesoffer.com [207.134.163.194], reject=550 5.7.1 Rejected: 207.134.163.194 listed at sbl-xbl.spamhaus.org: 3 Time(s)
ruleset=check_relay, arg1=jd1.jogdog.com, arg2=207.134.163.99, relay=jd1.jogdog.com [207.134.163.99], reject=550 5.7.1 Rejected: 207.134.163.99 listed at sbl-xbl.spamhaus.org: 2 Time(s)
ruleset=check_relay, arg1=fofa1.funofferz4all.com, arg2=207.134.163.100, relay=fofa1.funofferz4all.com [207.134.163.100], reject=550 5.7.1 Rejected: 207.134.163.100 listed at sbl-xbl.spamhaus.org: 2 Time(s)
discarded: 2 Time(s)
ruleset=check_relay, arg1=gad1.greatamericandealz.com, arg2=207.134.163.39, relay=gad1.greatamericandealz.com [207.134.163.39], reject=550 5.7.1 Rejected: 207.134.163.39 listed at sbl-xbl.spamhaus.org: 2 Time(s)
ruleset=check_relay, arg1=216-160-192-3.phnx.qwest.net, arg2=216.160.192.3, relay=216-160-192-3.phnx.qwest.net [216.160.192.3], reject=550 5.7.1 Rejected: 216.160.192.3 listed at dnsbl.sorbs.net: 2 Time(s)
ruleset=check_relay, arg1=138.225.186.195.cust.bluewin.ch, arg2=195.186.225.138, relay=138.225.186.195.cust.bluewin.ch [195.186.225.138] (may be forged), reject=550 5.7.1 Rejected: 195.186.225.138 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=sw74-224-121.adsl.seed.net.tw, arg2=211.74.224.121, relay=sw74-224-121.adsl.seed.net.tw [211.74.224.121], reject=550 5.7.1 Rejected: 211.74.224.121 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=bgm-24-95-140-224.stny.rr.com, arg2=24.95.140.224, relay=bgm-24-95-140-224.stny.rr.com [24.95.140.224], reject=550 5.7.1 Rejected: 24.95.140.224 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=host132.cashclaim.net, arg2=64.201.117.132, relay=host132.cashclaim.net [64.201.117.132], reject=550 5.7.1 Rejected: 64.201.117.132 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=[218.13.101.33], arg2=218.13.101.33, relay=[218.13.101.33], reject=550 5.7.1 Rejected: 218.13.101.33 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=bm-3a.paradise.net.nz, arg2=202.0.58.22, relay=bm-3a.paradise.net.nz [202.0.58.22], reject=550 5.7.1 Rejected: 202.0.58.22 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=host198.discounts2go.com, arg2=66.54.93.198, relay=host198.discounts2go.com [66.54.93.198], reject=550 5.7.1 Rejected: 66.54.93.198 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=[218.200.166.9], arg2=218.200.166.9, relay=[218.200.166.9], reject=550 5.7.1 Rejected: 218.200.166.9 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=evrtwa1-ar4-4-35-106-252.evrtwa1.elnk.dsl.genuity.net, arg2=4.35.106.252, relay=evrtwa1-ar4-4-35-106-252.evrtwa1.elnk.dsl.genuity.net [4.35.106.252], reject=550 5.7.1 Rejected: 4.35.106.252 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=[194.132.65.20], arg2=194.132.65.20, relay=[194.132.65.20], reject=550 5.7.1 Rejected: 194.132.65.20 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=mail6.optinmaildomain.com, arg2=69.6.40.14, relay=mail6.optinmaildomain.com [69.6.40.14], reject=550 5.7.1 Rejected: 69.6.40.14 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_mail, arg1=<spyware.e261me@try4free.net>, relay=localhost [127.0.0.1] (may be forged), discard: 1 Time(s)
ruleset=check_relay, arg1=LL-61-66-17-208.LL.sparqnet.net, arg2=61.66.17.208, relay=LL-61-66-17-208.LL.sparqnet.net [61.66.17.208], reject=550 5.7.1 Rejected: 61.66.17.208 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=modem-2275.bonobo.dialup.pol.co.uk, arg2=217.134.56.227, relay=modem-2275.bonobo.dialup.pol.co.uk [217.134.56.227], reject=550 5.7.1 Rejected: 217.134.56.227 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=universe190.globaldial.com, arg2=202.74.163.190, relay=universe190.globaldial.com [202.74.163.190], reject=550 5.7.1 Rejected: 202.74.163.190 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=[203.82.168.133], arg2=203.82.168.133, relay=[203.82.168.133], reject=550 5.7.1 Rejected: 203.82.168.133 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=sl1.sandlight.net, arg2=207.134.163.106, relay=sl1.sandlight.net [207.134.163.106], reject=550 5.7.1 Rejected: 207.134.163.106 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=d123158.upc-d.chello.nl, arg2=213.46.123.158, relay=d123158.upc-d.chello.nl [213.46.123.158], reject=550 5.7.1 Rejected: 213.46.123.158 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=host38.finddirectdeals.com, arg2=64.201.126.38, relay=host38.finddirectdeals.com [64.201.126.38], reject=550 5.7.1 Rejected: 64.201.126.38 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=host133.approveddeals.com, arg2=66.117.28.133, relay=host133.approveddeals.com [66.117.28.133], reject=550 5.7.1 Rejected: 66.117.28.133 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=CA03F0C9.dialup.mana.pf, arg2=202.3.240.201, relay=CA03F0C9.dialup.mana.pf [202.3.240.201], reject=550 5.7.1 Rejected: 202.3.240.201 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=[199.40.205.253], arg2=199.40.205.253, relay=[199.40.205.253], reject=550 5.7.1 Rejected: 199.40.205.253 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=[218.25.10.3], arg2=218.25.10.3, relay=[218.25.10.3], reject=550 5.7.1 Rejected: 218.25.10.3 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=go1.grandofferz.com, arg2=207.134.163.202, relay=go1.grandofferz.com [207.134.163.202], reject=550 5.7.1 Rejected: 207.134.163.202 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=210-54-78-4.dialup.xtra.co.nz, arg2=210.54.78.4, relay=210-54-78-4.dialup.xtra.co.nz [210.54.78.4], reject=550 5.7.1 Rejected: 210.54.78.4 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=mail10.optinmaildomain.com, arg2=69.6.40.18, relay=mail10.optinmaildomain.com [69.6.40.18], reject=550 5.7.1 Rejected: 69.6.40.18 listed at sbl-xbl.spamhaus.org: 1 Time(s)
DSN: User unknown: 1 Time(s)
ruleset=check_relay, arg1=node-c-d398.a2000.nl, arg2=62.194.211.152, relay=node-c-d398.a2000.nl [62.194.211.152], reject=550 5.7.1 Rejected: 62.194.211.152 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=mail4.optinmaildomain.com, arg2=69.6.40.12, relay=mail4.optinmaildomain.com [69.6.40.12], reject=550 5.7.1 Rejected: 69.6.40.12 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=203-96-99-68.dialup.xtra.co.nz, arg2=203.96.99.68, relay=203-96-99-68.dialup.xtra.co.nz [203.96.99.68], reject=550 5.7.1 Rejected: 203.96.99.68 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=210-86-45-199.dialup.xtra.co.nz, arg2=210.86.45.199, relay=210-86-45-199.dialup.xtra.co.nz [210.86.45.199], reject=550 5.7.1 Rejected: 210.86.45.199 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=KH222-156-78-32.adsl.pl.apol.com.tw, arg2=222.156.78.32, relay=KH222-156-78-32.adsl.pl.apol.com.tw [222.156.78.32] (may be forged), reject=550 5.7.1 Rejected: 222.156.78.32 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=mail5.optinmaildomain.com, arg2=69.6.40.13, relay=mail5.optinmaildomain.com [69.6.40.13], reject=550 5.7.1 Rejected: 69.6.40.13 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=[203.94.248.85], arg2=203.94.248.85, relay=[203.94.248.85], reject=550 5.7.1 Rejected: 203.94.248.85 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=host125.samplesdirect.net, arg2=66.117.30.125, relay=host125.samplesdirect.net [66.117.30.125], reject=550 5.7.1 Rejected: 66.117.30.125 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=APlessis-Bouchard-105-1-1-181.w80-11.abo.wanadoo.fr, arg2=80.11.118.181, relay=APlessis-Bouchard-105-1-1-181.w80-11.abo.wanadoo.fr [80.11.118.181], reject=550 5.7.1 Rejected: 80.11.118.181 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=Jamie.cpe.leeds.al.charter.com, arg2=68.185.148.8, relay=Jamie.cpe.leeds.al.charter.com [68.185.148.8] (may be forged), reject=550 5.7.1 Rejected: 68.185.148.8 listed at dnsbl.sorbs.net: 1 Time(s)
ruleset=check_relay, arg1=[218.17.220.18], arg2=218.17.220.18, relay=[218.17.220.18], reject=550 5.7.1 Rejected: 218.17.220.18 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_relay, arg1=host245.extremepricecuts.net, arg2=64.201.120.245, relay=host245.extremepricecuts.net [64.201.120.245], discard: 1 Time(s)
ruleset=check_relay, arg1=adsl-208-189-83-117.dsl.rcsntx.swbell.net, arg2=208.189.83.117, relay=adsl-208-189-83-117.dsl.rcsntx.swbell.net [208.189.83.117], reject=550 5.7.1 Rejected: 208.189.83.117 listed at sbl-xbl.spamhaus.org: 1 Time(s)
ruleset=check_mail, arg1=<sun.c889me@extremepricecuts.net>, relay=host245.extremepricecuts.net [64.201.120.245], discard: 1 Time(s)
ruleset=check_relay, arg1=adsl-68-123-167-190.dsl.lsan03.pacbell.net, arg2=68.123.167.190, relay=adsl-68-123-167-190.dsl.lsan03.pacbell.net [68.123.167.190], reject=550 5.7.1 Rejected: 68.123.167.190 listed at dnsbl.sorbs.net: 1 Time(s)

---------------------- sendmail End -------------------------


###################### LogWatch End #########################
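
An added example, not part of the thread and not logwatch's own code: logwatch lists under **Unmatched Entries** the log lines its sendmail script had no pattern for, so a long section like the one above can be read by bucketing the lines by what sendmail was reporting. The `triage` function, the category names and the sample lines are assumptions made for this illustration; the two DNSBL zones are the ones named in the report.

```python
import re
from collections import Counter

# Constructed sample lines in the shape of the sendmail "Unmatched Entries"
# section above; addresses, hosts and IPs are placeholders.
SAMPLE = """\
<"A" <a@example.org>>... User unknown: 286 Time(s)
<"A and B" <a@example.org;b@example.net>>... Invalid route address: 276 Time(s)
ruleset=check_relay, arg1=[192.0.2.7], arg2=192.0.2.7, relay=[192.0.2.7], reject=550 5.7.1 Rejected: 192.0.2.7 listed at dnsbl.sorbs.net: 30 Time(s)
ruleset=check_relay, arg1=h.example.com, arg2=198.51.100.9, relay=h.example.com [198.51.100.9], reject=550 5.7.1 Rejected: 198.51.100.9 listed at sbl-xbl.spamhaus.org: 10 Time(s)
ruleset=check_mail, arg1=<x@example.com>, relay=h.example.com [198.51.100.9], discard: 1 Time(s)
daemon MTA: problem creating SMTP socket: 18 Time(s)
SYSERR(root): opendaemonsocket: daemon MTA: cannot bind: Address already in use: 18 Time(s)
"""

# Every summarised line ends in ": N Time(s)" (some sections print "Times(s)").
COUNT = re.compile(r"^(?P<msg>.*):\s*(?P<n>\d+) Times?\(s\)\s*$")
RULES = [  # (category, pattern), checked in order; first match wins
    ("dnsbl_reject", re.compile(r"reject=550 .* listed at (?P<zone>[\w.-]+)$")),
    ("policy_discard", re.compile(r"ruleset=check_\w+,.*\bdiscard$")),
    ("address_parse_error", re.compile(r"\.\.\. Invalid route address$")),
    ("unknown_recipient", re.compile(r"User unknown$")),
    ("listener_error", re.compile(r"cannot bind|problem creating SMTP socket")),
]

def triage(report_text):
    """Return (count per category, count per DNSBL zone, unclassified messages)."""
    cats, zones, other = Counter(), Counter(), []
    for line in report_text.splitlines():
        m = COUNT.match(line.strip())
        if not m:
            continue  # section headers, rules and blank lines carry no count
        msg, n = m.group("msg"), int(m.group("n"))
        for name, pat in RULES:
            hit = pat.search(msg)
            if hit:
                cats[name] += n
                if name == "dnsbl_reject":
                    zones[hit.group("zone")] += n  # which blocklist did the work
                break
        else:
            other.append(msg)  # still unexplained: read these by hand
    return cats, zones, other

if __name__ == "__main__":
    cats, zones, other = triage(SAMPLE)
    for name, n in cats.most_common():
        print(f"{n:6d}  {name}")
    print(dict(zones), other)
```
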

