similar to: Dovecot attack

Found an error or two from my logwatch report from yesterday, thought I would share this in hopes this is just first time run of the problem I noticed in the Kernel report section... Also not sure why there's an issue with automount either.... but I guess I could ask on that issue as well. I am not worried about the NAMED error, this is something that happens due to one of the services that

**Unmatched Entries** gdm[5342]: pam_succeed_if(gdm:auth): error retrieving information about user gdm[5342]: pam_succeed_if(gdm:auth): error retrieving information about user gdm[5342]: pam_succeed_if(gdm:auth): error retrieving information about user 9 gdm[5342]: pam_succeed_if(gdm:auth): error retrieving information about user gdm[5342]: pam_succeed_if(gdm:auth): error retrieving

Yesterday I installed pam_shield and followed the testing suggested and thought all was well. today I find that I cannot get to my email account, I can login via ssh okay (uses keys) but su and sudo give segmentation faults. I am guessing due to the pam module causing a problem. As I cannot do remote login as root and sudo and su use pam I appear to have locked myself out. Any words of wisdom

Hello, I am using Dovecot ver.1.0.7 on an x86 server with RedHat Linux Enterprise 5 and the following configuration: # 1.0.7: /etc/dovecot.conf protocols: pop3 login_dir: /var/run/dovecot/login login_executable: /usr/libexec/dovecot/pop3-login mail_location: mbox:~/mail:INBOX=/var/mail/%u mail_executable: /usr/libexec/dovecot/pop3 mail_plugin_dir: /usr/lib/dovecot/pop3

I've seen pam_shield recommended several times for protecting against malicious login attempts; but I'm not quite clear if this requires one to be already running some pam-based software? Also, I'm running shorewall, and would prefer a shorewall based protection, but the advice I read on googling for this seemed excessively complicated. -- Timothy Murphy e-mail: gayleard /at/

I just launched a new mailserver that is using dovecot. My previous mailserver used courier-mail. I am expecting better things with this new server, but I was use to some login information in logwatch that I am not seeing now. For example I would get: [IMAPd] Logout stats: ==================== User | Logouts | Downloaded | Mbox Size

Hi All, I don't know enough about when errors are *really* errors. So I google a lot to read and learn. I have a few things in my Logwatch that I want to make sure I understand 1. smartd **Unmatched Entries** Problem creating device name scan list Device /dev/sda: using '-d sat' for ATA disk behind SAT layer. Device /dev/sdb: using '-d sat' for ATA disk behind SAT layer.

Below is a cut and past from my log files that are sent to me. This is from the last day that proftpd worked correctly. I'm not sure why proftpd was restarted as the log states: ################### LogWatch 5.2.2 (06/23/04) #################### Processing Initiated: Sun Feb 19 09:02:02 2006 Date Range Processed: yesterday Detail Level of Output: 0 Logfiles

Logwatch file shows last upgrade to the code was 2007. The unmatched entries are killing me in the reports. I figure there must be a newer utility centos has in the repo but I cannot find one. Is logwatch the only one that is included? thanks

I've recently switched to using spamassassin via a sendmail milter, rather than using procmail to invoke it. This means that I get a number of messages appearing in my maillog, and then being reported by logwatch as unmatched entries. An example of such a messages is: Feb 27 04:33:09 quail sendmail[24780]: p1R4X46P024780[2]: URIBL blacklist\n\t* [URIs: tablettoxicspillsrx.ru]\n\t* 1.5

Hello, I noticed in my logwatch file I have an error with my rndc key. I could 'play' around with it and may fix it but most likey just hose things up. I think I see the problem but not 100% sure. I think the key file has 3 different names. Here's the error: **Unmatched Entries** /etc/named.conf:23: couldn't find key 'rndckey' for use with command channel

Hello PeopleCan anybody help me?My scenario:- One computer with:a) postfix-2.6.6-2.2.el6_1.x86_64b) mysql-5.1.66-2.el6_3.x86_64c) dovecot-2.0.9-2.el6_1.1.x86_64d) dovecot-mysql-2.0.9-2.el6_1.1.x86_64Postfix and Dovecot auth over MySQLThe Problem:- logwatch show me: Dovecot disconnects: auth failed, 1 attempts: 1 Time(s) in IDLE: 2 Time(s) no auth attempts: 6 Time(s) no reason: 6

I updated the machine that I use for a web/email server last night to 5.9, and I have this in the logwatch report this morning: QUOTE: --------------------- Smartd Begin ------------------------ Warnings: Device: /dev/sda [SAT], WARNING: There are known problems with these drives, - 1 Time(s) **Unmatched Entries** smartd 5.42 2011-10-20 r3458 [x86_64-linux-2.6.18-348.el5] (local

In my log files I occasionally get a huge number of Dovecot authentication failures (see clip below). I wanted to know if there's a way to limit the number of times an IP address can attempt to authenticate, if there's a way to have a timeout between attempted authentications, or if there is a way to limit authentication attempts by a specific username within a certain period of time.

I am using dovecot 2.2 with plesk 12 and I have made no modifications to the dovecot config. Logwatch reports the messages below. The errors don't seem to appear for every imap connect as can be seen from the number of deliveries and successful logins. So what makes dovecot fail sometimes to create the /tmp/dovecot.imap? Dovecot Deliveries: 19 Dovecot IMAP and POP3 Successful Logins: 106

Thanks to Anthony Ciarochi at Centeris for this solution. I have a Centos (Red Hat-based) server that is now accessible to AD users AND local users via ssh. I can control which AD groups can login using the syntax below. Red Hat-based distros use "pam_stack" in pam.d which is quite different than Debian's "include" based pam.d, cat /etc/pam.d/sshd #

Every few days I see in the logwatch on my Centos-5.5 web-server what seems like a rather feeble break-in attempt. Eg today I see --------------------------- 403 Forbidden /phpMyAdmin/scripts/setup.php: 2 Time(s) /phpmyadmin/scripts/setup.php: 2 Time(s) 404 Not Found /PMA2005/scripts/setup.php: 1 Time(s) /TRAD_files/datestamp.js: 1 Time(s) ...

I have just upgraded my server from CentOS 5 to CentOS 6 and am having connectivity problems. My laptop runs Fedora 14, and I have been in the habit of mounting data partitions on my server by fstab entries. Since the update I've not been able to do that. On watching the messages during a reboot I saw a statement that the connection was denied by the server (where are those messages

On CentOS5 with the latest updates applied, the logwatch filter for postfix returns way too many lines from the log. I get an "unmatched entries" message and all messages that have gone through the system is listed. Here is an example: 8F930A8092: to=<morten at foo.bar>, orig_to=<morten at localhost>, relay=local, delay=0.19, delays=0.06/0.01/0/0.12, dsn=2.0.0,

one more thing: firewalld service and selinux are deactivated. On 05/11/2015 07:06 PM, Ulrich Hiller wrote: > Hmmm...., i have made now a complete new install but the problem > persists: ldap authentication works, but the host attribute is ignored. > > I have installed CentOS7 64bit with KDE. > I did not do any 'yum update' or install of extra packages so far. > >