
Question: is it normal in the syslog?

israel diaz

New Pleskian
Hello, I am searching for why my server is working so badly. I don't know which logs I have to look at. I entered var/log and see syslog.

There are more people sending connection to email...

195.22.126
91.200.13.15
195.22.126.241


Is it normal??? Can I control this??

failed mail authenticatication attempt for user 'careers' (password len=8)
Jan 23 08:40:07 h2427019 postfix/smtpd[2363]: warning: unknown[195.22.126.241]: SASL LOGIN authentication failed: authentication failure



:40:05 h2427019 postfix/smtpd[2363]: connect from unknown[91.200.13.15]
Jan 23 08:40:05 h2427019 plesk_saslauthd[2390]: listen=6, status=5, dbpath='/plesk/passwd.db', keypath='/plesk/passwd_db_key', chroot=1, unprivileged=1
Jan 23 08:40:05 h2427019 plesk_saslauthd[2390]: privileges set to (105:113) (effective 105:113)
Jan 23 08:40:05 h2427019 plesk_saslauthd[2390]: failed mail authenticatication attempt for user 'mail' (password len=6)
Jan 23 08:40:05 h2427019 postfix/smtpd[2363]: warning: unknown[91.200.13.15]: SASL LOGIN authentication failed: authentication failure
Jan 23 08:40:05 h2427019 postfix/smtpd[2363]: lost connection after AUTH from unknown[91.200.13.15]
Jan 23 08:40:05 h2427019 postfix/smtpd[2363]: disconnect from unknown[91.200.13.15]
Jan 23 08:40:07 h2427019 postfix/smtpd[2363]: connect from unknown[195.22.126.241]
Jan 23 08:40:07 h2427019 plesk_saslauthd[2390]: failed mail authenticatication attempt for user 'careers' (password len=8)
Jan 23 08:40:07 h2427019 postfix/smtpd[2363]: warning: unknown[195.22.126.241]: SASL LOGIN authentication failed: authentication failure
Jan 23 08:40:07 h2427019 postfix/smtpd[2363]: lost connection after AUTH from unknown[195.22.126.241]
Jan 23 08:40:07 h2427019 postfix/smtpd[2363]: disconnect from unknown[195.22.126.241]
Jan 23 08:40:37 h2427019 plesk_saslauthd[2390]: select timeout, exiting
Jan 23 08:40:43 h2427019 postfix/smtpd[2363]: warning: hostname host167-172-149-62.serverdedicati.aruba.it does not resolve to address 62.149.172.167: Name or service not known
Jan 23 08:40:43 h2427019 postfix/smtpd[2363]: connect from unknown[62.149.172.167]
Jan 23 08:40:43 h2427019 postfix/smtpd[2363]: NOQUEUE: reject: RCPT from unknown[62.149.172.167]: 454 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<host167-172-149-62.serverdedicati.aruba.it>
Jan 23 08:40:43 h2427019 postfix/smtpd[2363]: NOQUEUE: reject: RCPT from unknown[62.149.172.167]: 454 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<host167-172-149-62.serverdedicati.aruba.it>
Jan 23 08:40:43 h2427019 postfix/smtpd[2363]: lost connection after RSET from unknown[62.149.172.167]
Jan 23 08:40:43 h2427019 postfix/smtpd[2363]: disconnect from unknown[62.149.172.167]
Jan 23 08:41:06 h2427019 postfix/smtpd[2363]: warning: hostname ip-220-138.dataclub.biz does not resolve to address 46.183.220.138: Name or service not known
Jan 23 08:41:06 h2427019 postfix/smtpd[2363]: connect from unknown[46.183.220.138]
Jan 23 08:41:06 h2427019 postfix/smtpd[2363]: NOQUEUE: reject: RCPT from unknown[46.183.220.138]: 454 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mata.com>
Jan 23 08:41:06 h2427019 postfix/smtpd[2363]: lost connection after RCPT from unknown[46.183.220.138]
Jan 23 08:41:06 h2427019 postfix/smtpd[2363]: disconnect from unknown[46.183.220.138]
Jan 23 08:42:26 h2427019 postfix/smtpd[2363]: warning: hostname static-218-137-62-95.ipcom.comunitel.net does not resolve to address 95.62.137.218: Name or service not known
Jan 23 08:42:26 h2427019 postfix/smtpd[2363]: connect from unknown[95.62.137.218]
Jan 23 08:42:27 h2427019 postfix/smtpd[2363]: 64B8718E80C3C: client=unknown[95.62.137.218], sasl_method=DIGEST-MD5, [email protected]
Jan 23 08:42:27 h2427019 postfix/cleanup[2395]: 64B8718E80C3C: message-id=<004f01d2754c$3ed88ff0$bc89afd0$@com>
Jan 23 08:41:06 h2427019 /usr/lib/plesk-9.0/psa-pc-remote[29781]: message repeated 16 times: [ Message aborted.]
Jan 23 08:42:28 h2427019 /usr/lib/plesk-9.0/psa-pc-remote[29781]: handlers_stderr: SKIP
Jan 23 08:42:28 h2427019 /usr/lib/plesk-9.0/psa-pc-remote[29781]: SKIP during call 'check-quota' handler
Jan 23 08:42:29 h2427019 postfix/qmgr[839]: 64B8718E80C3C: from=<[email protected]>, size=16926, nrcpt=1 (queue active)
Jan 23 08:42:31 h2427019 postfix/smtp[2398]: 64B8718E80C3C: to=<[email protected]>, relay=correo.valenciahospitalveterinario.com[83.175.223.202]:25, delay=3.9, delays=1.1/1.3/0.79/0.69, dsn=2.6.0, status=sent (250 2.6.0 <004f01d2754c$3ed88ff0$bc89afd0$@com> Queued mail for delivery)
Jan 23 08:42:31 h2427019 postfix/qmgr[839]: 64B8718E80C3C: removed
Jan 23 08:42:32 h2427019 postfix/smtpd[2363]: disconnect from unknown[95.62.137.218]
Jan 23 08:43:53 h2427019 postfix/smtpd[2363]: warning: hostname vps863.hidehost.net does not resolve to address 91.200.12.150: Name or service not known
Jan 23 08:43:53 h2427019 postfix/smtpd[2363]: connect from unknown[91.200.12.150]
Jan 23 08:43:53 h2427019 plesk_saslauthd[2424]: listen=6, status=5, dbpath='/plesk/passwd.db', keypath='/plesk/passwd_db_key', chroot=1, unprivileged=1
Jan 23 08:43:53 h2427019 plesk_saslauthd[2424]: privileges set to (105:113) (effective 105:113)
Jan 23 08:43:53 h2427019 plesk_saslauthd[2424]: failed mail authenticatication attempt for user 'office' (password len=9)
Jan 23 08:43:53 h2427019 postfix/smtpd[2363]: warning: unknown[91.200.12.150]: SASL LOGIN authentication failed: authentication failure
Jan 23 08:43:53 h2427019 postfix/smtpd[2363]: lost connection after AUTH from unknown[91.200.12.150]
Jan 23 08:43:53 h2427019 postfix/smtpd[2363]: disconnect from unknown[91.200.12.150]
Jan 23 08:43:58 h2427019 postfix/anvil[2078]: statistics: max connection rate 1/60s for (smtp:154.61.83.161) at Jan 23 08:34:06
Jan 23 08:43:58 h2427019 postfix/anvil[2078]: statistics: max connection count 1 for (smtp:154.61.83.161) at Jan 23 08:34:06
Jan 23 08:43:58 h2427019 postfix/anvil[2078]: statistics: max cache size 7 at Jan 23 08:37:27
Jan 23 08:44:00 h2427019 postfix/smtpd[2363]: warning: hostname dedic865.hidehost.net does not resolve to address 91.200.12.161: Name or service not known
Jan 23 08:44:00 h2427019 postfix/smtpd[2363]: connect from unknown[91.200.12.161]
 
If I put a rule in the firewall:

incoming deny 91.200.0.0/16 --> does this block all the IPs 91.200.0.1 --> 91.200.254.254 ???
 
Do not block IPs manually, because spammers and viruses can and will use any IP.

Instead, use Fail2Ban (Tools & Settings > Security). It analyzes your log files and will block IPs dynamically that behave badly, including SMTP and POP/IMAP attacks as shown in your log.
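
The kind of log analysis described in the answer above, as an added example that is not part of the original thread and is not Fail2Ban's own code: it counts Postfix SASL failures per source IP inside a time window and also lists the failing sources that a static deny rule for one range would miss. The sample log is constructed in the format of the syslog lines in the question; `max_retry` and `find_time` are illustrative names modelled on Fail2Ban's `maxretry` and `findtime` settings, and the year is an assumed value because syslog timestamps carry none.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the same format as the syslog lines in the question.
SAMPLE_LOG = """\
Jan 23 08:40:05 h2427019 postfix/smtpd[2363]: warning: unknown[91.200.13.15]: SASL LOGIN authentication failed: authentication failure
Jan 23 08:40:07 h2427019 postfix/smtpd[2363]: warning: unknown[195.22.126.241]: SASL LOGIN authentication failed: authentication failure
Jan 23 08:40:43 h2427019 postfix/smtpd[2363]: connect from unknown[62.149.172.167]
Jan 23 08:41:10 h2427019 postfix/smtpd[2363]: warning: unknown[195.22.126.241]: SASL LOGIN authentication failed: authentication failure
Jan 23 08:42:30 h2427019 postfix/smtpd[2363]: warning: unknown[195.22.126.241]: SASL LOGIN authentication failed: authentication failure
Jan 23 08:43:53 h2427019 postfix/smtpd[2363]: warning: unknown[91.200.12.150]: SASL LOGIN authentication failed: authentication failure
Jan 23 09:30:00 h2427019 postfix/smtpd[2363]: warning: unknown[91.200.13.15]: SASL LOGIN authentication failed: authentication failure
"""

# Matches only the smtpd warning that reports a failed SASL authentication.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"warning: \S+\[(?P<ip>[0-9a-fA-F.:]+)\]: SASL \S+ authentication failed"
)

def parse_failures(log_text, year=2017):
    """Yield (timestamp, ip) per SASL failure; year is assumed (syslog has none)."""
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, ipaddress.ip_address(m["ip"])

def offenders(log_text, max_retry=3, find_time=timedelta(minutes=10)):
    """Return IPs with at least max_retry failures inside any find_time window."""
    recent = defaultdict(list)
    flagged = set()
    for ts, ip in parse_failures(log_text):
        # Keep only this IP's failures that are still inside the window.
        window = [t for t in recent[ip] if ts - t <= find_time] + [ts]
        recent[ip] = window
        if len(window) >= max_retry:
            flagged.add(ip)
    return flagged

def outside_block(log_text, cidr):
    """Failing source IPs that a static deny rule for cidr would not cover."""
    net = ipaddress.ip_network(cidr)
    return {ip for _, ip in parse_failures(log_text) if ip not in net}
```

On this sample the only source that crosses the threshold lies outside `91.200.0.0/16`, so a deny rule for that range alone would not stop it.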
 
Good morning.
OK, I will go find Fail2ban and install it. But I do not see sys.log


Thank you

And how can I eliminate an orphan package in this situation?

plesk repair all

The system user 'vrsets' is orphaned in Plesk ..................... [WARNING]
Remove the system user 'vrsets'? [Y/n] Y
Removing the system user 'vrsets' ............................... [2017-01-22 22:42:23] DEBUG [util_exec] [f4cda814e79765d1d120a15fb59dfd12-0] Starting: usermng --set-user-quota --user=vrsets --quota=0, stdin:
[2017-01-22 22:42:23] DEBUG [util_exec] [f4cda814e79765d1d120a15fb59dfd12-0] Finished in 0.0101s, Error code: 255, stdout: usermng: /usr/sbin/setquota execution failed:
setquota: Cannot stat() mounted device /dev/vzfs: No such file or directory
setquota: Cannot stat() given mountpoint /dev/vzfs: No such file or directory
Skipping...
setquota: No correct mountpoint specified.
setquota: Cannot initialize mountpoint scan.
usermng: Unable to set quota for user 'vrsets'
, stderr: usermng: /usr/sbin/setquota execution failed:
setquota: Cannot stat() mounted device /dev/vzfs: No such file or directory
setquota: Cannot stat() given mountpoint /dev/vzfs: No such file or directory
Skipping...
setquota: No correct mountpoint specified.
setquota: Cannot initialize mountpoint scan.
usermng: Unable to set quota for user 'vrsets'

[2017-01-22 22:42:23] ERR [util_exec] proc_close() failed ['/opt/psa/admin/bin/usermng' '--set-user-quota' '--user=vrsets' '--quota=0'] with exit code [255]
[2017-01-22 22:42:23] DEBUG [util_exec] [5885273fe64df] Starting: send-error-report warning, stdin:
[2017-01-22 22:42:23] DEBUG [util_exec] [5885273fe64df] Finished in 0.00145s, Error code: TRUE, stdout: , stderr:
Error occured while sending feedback. HTTP code returned: 502
[FAILED]
- Failed to remove the system user 'vrsets': Unable to execute
usermng: usermng: /usr/sbin/setquota execution failed:
setquota: Cannot stat() mounted device /dev/vzfs: No such file
or directory
setquota: Cannot stat() given mountpoint /dev/vzfs: No such
file or directory
 