• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question it is normal in the syslog

israel diaz

israel diaz

New Pleskian
Hello I am searching why my server is working so bad. I dont know where logs I have to see. I enter var/log and see syslog

There are more people sending connection to email...

195.22.126
91.200.13.15
195.22.126.241


It is normal??? I can control this??

failed mail authenticatication attempt for user 'careers' (password len=8)
Jan 23 08:40:07 h2427019 postfix/smtpd[2363]: warning: unknown[195.22.126.241]: SASL LOGIN authentication failed: authentication failure



:40:05 h2427019 postfix/smtpd[2363]: connect from unknown[91.200.13.15]
Jan 23 08:40:05 h2427019 plesk_saslauthd[2390]: listen=6, status=5, dbpath='/plesk/passwd.db', keypath='/plesk/passwd_db_key', chroot=1, unprivileged=1
Jan 23 08:40:05 h2427019 plesk_saslauthd[2390]: privileges set to (105:113) (effective 105:113)
Jan 23 08:40:05 h2427019 plesk_saslauthd[2390]: failed mail authenticatication attempt for user 'mail' (password len=6)
Jan 23 08:40:05 h2427019 postfix/smtpd[2363]: warning: unknown[91.200.13.15]: SASL LOGIN authentication failed: authentication failure
Jan 23 08:40:05 h2427019 postfix/smtpd[2363]: lost connection after AUTH from unknown[91.200.13.15]
Jan 23 08:40:05 h2427019 postfix/smtpd[2363]: disconnect from unknown[91.200.13.15]
Jan 23 08:40:07 h2427019 postfix/smtpd[2363]: connect from unknown[195.22.126.241]
Jan 23 08:40:07 h2427019 plesk_saslauthd[2390]: failed mail authenticatication attempt for user 'careers' (password len=8)
Jan 23 08:40:07 h2427019 postfix/smtpd[2363]: warning: unknown[195.22.126.241]: SASL LOGIN authentication failed: authentication failure
Jan 23 08:40:07 h2427019 postfix/smtpd[2363]: lost connection after AUTH from unknown[195.22.126.241]
Jan 23 08:40:07 h2427019 postfix/smtpd[2363]: disconnect from unknown[195.22.126.241]
Jan 23 08:40:37 h2427019 plesk_saslauthd[2390]: select timeout, exiting
Jan 23 08:40:43 h2427019 postfix/smtpd[2363]: warning: hostname host167-172-149-62.serverdedicati.aruba.it does not resolve to address 62.149.172.167: Name or service not known
Jan 23 08:40:43 h2427019 postfix/smtpd[2363]: connect from unknown[62.149.172.167]
Jan 23 08:40:43 h2427019 postfix/smtpd[2363]: NOQUEUE: reject: RCPT from unknown[62.149.172.167]: 454 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<host167-172-149-62.serverdedicati.aruba.it>
Jan 23 08:40:43 h2427019 postfix/smtpd[2363]: NOQUEUE: reject: RCPT from unknown[62.149.172.167]: 454 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<host167-172-149-62.serverdedicati.aruba.it>
Jan 23 08:40:43 h2427019 postfix/smtpd[2363]: lost connection after RSET from unknown[62.149.172.167]
Jan 23 08:40:43 h2427019 postfix/smtpd[2363]: disconnect from unknown[62.149.172.167]
Jan 23 08:41:06 h2427019 postfix/smtpd[2363]: warning: hostname ip-220-138.dataclub.biz does not resolve to address 46.183.220.138: Name or service not known
Jan 23 08:41:06 h2427019 postfix/smtpd[2363]: connect from unknown[46.183.220.138]
Jan 23 08:41:06 h2427019 postfix/smtpd[2363]: NOQUEUE: reject: RCPT from unknown[46.183.220.138]: 454 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mata.com>
Jan 23 08:41:06 h2427019 postfix/smtpd[2363]: lost connection after RCPT from unknown[46.183.220.138]
Jan 23 08:41:06 h2427019 postfix/smtpd[2363]: disconnect from unknown[46.183.220.138]
Jan 23 08:42:26 h2427019 postfix/smtpd[2363]: warning: hostname static-218-137-62-95.ipcom.comunitel.net does not resolve to address 95.62.137.218: Name or service not known
Jan 23 08:42:26 h2427019 postfix/smtpd[2363]: connect from unknown[95.62.137.218]
Jan 23 08:42:27 h2427019 postfix/smtpd[2363]: 64B8718E80C3C: client=unknown[95.62.137.218], sasl_method=DIGEST-MD5, [email protected]
Jan 23 08:42:27 h2427019 postfix/cleanup[2395]: 64B8718E80C3C: message-id=<004f01d2754c$3ed88ff0$bc89afd0$@com>
Jan 23 08:41:06 h2427019 /usr/lib/plesk-9.0/psa-pc-remote[29781]: message repeated 16 times: [ Message aborted.]
Jan 23 08:42:28 h2427019 /usr/lib/plesk-9.0/psa-pc-remote[29781]: handlers_stderr: SKIP
Jan 23 08:42:28 h2427019 /usr/lib/plesk-9.0/psa-pc-remote[29781]: SKIP during call 'check-quota' handler
Jan 23 08:42:29 h2427019 postfix/qmgr[839]: 64B8718E80C3C: from=<[email protected]>, size=16926, nrcpt=1 (queue active)
Jan 23 08:42:31 h2427019 postfix/smtp[2398]: 64B8718E80C3C: to=<[email protected]>, relay=correo.valenciahospitalveterinario.com[83.175.223.202]:25, delay=3.9, delays=1.1/1.3/0.79/0.69, dsn=2.6.0, status=sent (250 2.6.0 <004f01d2754c$3ed88ff0$bc89afd0$@com> Queued mail for delivery)
Jan 23 08:42:31 h2427019 postfix/qmgr[839]: 64B8718E80C3C: removed
Jan 23 08:42:32 h2427019 postfix/smtpd[2363]: disconnect from unknown[95.62.137.218]
Jan 23 08:43:53 h2427019 postfix/smtpd[2363]: warning: hostname vps863.hidehost.net does not resolve to address 91.200.12.150: Name or service not known
Jan 23 08:43:53 h2427019 postfix/smtpd[2363]: connect from unknown[91.200.12.150]
Jan 23 08:43:53 h2427019 plesk_saslauthd[2424]: listen=6, status=5, dbpath='/plesk/passwd.db', keypath='/plesk/passwd_db_key', chroot=1, unprivileged=1
Jan 23 08:43:53 h2427019 plesk_saslauthd[2424]: privileges set to (105:113) (effective 105:113)
Jan 23 08:43:53 h2427019 plesk_saslauthd[2424]: failed mail authenticatication attempt for user 'office' (password len=9)
Jan 23 08:43:53 h2427019 postfix/smtpd[2363]: warning: unknown[91.200.12.150]: SASL LOGIN authentication failed: authentication failure
Jan 23 08:43:53 h2427019 postfix/smtpd[2363]: lost connection after AUTH from unknown[91.200.12.150]
Jan 23 08:43:53 h2427019 postfix/smtpd[2363]: disconnect from unknown[91.200.12.150]
Jan 23 08:43:58 h2427019 postfix/anvil[2078]: statistics: max connection rate 1/60s for (smtp:154.61.83.161) at Jan 23 08:34:06
Jan 23 08:43:58 h2427019 postfix/anvil[2078]: statistics: max connection count 1 for (smtp:154.61.83.161) at Jan 23 08:34:06
Jan 23 08:43:58 h2427019 postfix/anvil[2078]: statistics: max cache size 7 at Jan 23 08:37:27
Jan 23 08:44:00 h2427019 postfix/smtpd[2363]: warning: hostname dedic865.hidehost.net does not resolve to address 91.200.12.161: Name or service not known
Jan 23 08:44:00 h2427019 postfix/smtpd[2363]: connect from unknown[91.200.12.161]
 
if I put in the firewall a rule

incoming deny 91.200.0.0/16 --> this block all the ips 91.200.0.1--> 91.200.254.254 ???
 
Do not block IPs manually, because spammers and viruses can and will use any IP.

Instead, use Fail2Ban (Tools & Settings > Security). It analyzes your log files and will block IPs dynamically that behave badly, including SMTP and POP/IMAP attacks as shown in your log.
 
Good morning.
OK I go to find Fail2ban and install. But I not see sys.log

captura.jpg



Thank you

and how I can eliminate a orphan package in nthis situation.

plesk repair all

The system user 'vrsets' is orphaned in Plesk ..................... [WARNING]
Remove the system user 'vrsets'? [Y/n] Y
Removing the system user 'vrsets' ............................... [2017-01-22 22:42:23] DEBUG [util_exec] [f4cda814e79765d1d120a15fb59dfd12-0] Starting: usermng --set-user-quota --user=vrsets --quota=0, stdin:
[2017-01-22 22:42:23] DEBUG [util_exec] [f4cda814e79765d1d120a15fb59dfd12-0] Finished in 0.0101s, Error code: 255, stdout: usermng: /usr/sbin/setquota execution failed:
setquota: Cannot stat() mounted device /dev/vzfs: No such file or directory
setquota: Cannot stat() given mountpoint /dev/vzfs: No such file or directory
Skipping...
setquota: No correct mountpoint specified.
setquota: Cannot initialize mountpoint scan.
usermng: Unable to set quota for user 'vrsets'
, stderr: usermng: /usr/sbin/setquota execution failed:
setquota: Cannot stat() mounted device /dev/vzfs: No such file or directory
setquota: Cannot stat() given mountpoint /dev/vzfs: No such file or directory
Skipping...
setquota: No correct mountpoint specified.
setquota: Cannot initialize mountpoint scan.
usermng: Unable to set quota for user 'vrsets'

[2017-01-22 22:42:23] ERR [util_exec] proc_close() failed ['/opt/psa/admin/bin/usermng' '--set-user-quota' '--user=vrsets' '--quota=0'] with exit code [255]
[2017-01-22 22:42:23] DEBUG [util_exec] [5885273fe64df] Starting: send-error-report warning, stdin:
[2017-01-22 22:42:23] DEBUG [util_exec] [5885273fe64df] Finished in 0.00145s, Error code: TRUE, stdout: , stderr:
Error occured while sending feedback. HTTP code returned: 502
[FAILED]
- Failed to remove the system user 'vrsets': Unable to execute
usermng: usermng: /usr/sbin/setquota execution failed:
setquota: Cannot stat() mounted device /dev/vzfs: No such file
or directory
setquota: Cannot stat() given mountpoint /dev/vzfs: No such
file or directory
 
Last edited:
You must log in or register to reply here.

Similar threads

danami
Resolved Arc errors in maillog
2
Replies
22
Views
2K
AlexMuc81
A
U
Question Postfix TLS issue
Replies
5
Views
2K
Kaspar
K
Ankebut
Resolved PHP 8.1 Another FPM instance seems to already listen on [...] php-fpm.sock
2
Replies
26
Views
10K
Ankebut
Ankebut
L
Resolved Mails marked as Spam
Replies
6
Views
1K
tramvainqueur
tramvainqueur
S
Question Firewall blocking plesk_saslauthd failed mail authentication attempt for user 'info' (password len=9)
Replies
3
Views
2K
mow
M
Back
Top