• The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question it is normal in the syslog

israel diaz

israel diaz

New Pleskian
Hello I am searching why my server is working so bad. I dont know where logs I have to see. I enter var/log and see syslog

There are more people sending connection to email...

195.22.126
91.200.13.15
195.22.126.241


It is normal??? I can control this??

failed mail authenticatication attempt for user 'careers' (password len=8)
Jan 23 08:40:07 h2427019 postfix/smtpd[2363]: warning: unknown[195.22.126.241]: SASL LOGIN authentication failed: authentication failure



:40:05 h2427019 postfix/smtpd[2363]: connect from unknown[91.200.13.15]
Jan 23 08:40:05 h2427019 plesk_saslauthd[2390]: listen=6, status=5, dbpath='/plesk/passwd.db', keypath='/plesk/passwd_db_key', chroot=1, unprivileged=1
Jan 23 08:40:05 h2427019 plesk_saslauthd[2390]: privileges set to (105:113) (effective 105:113)
Jan 23 08:40:05 h2427019 plesk_saslauthd[2390]: failed mail authenticatication attempt for user 'mail' (password len=6)
Jan 23 08:40:05 h2427019 postfix/smtpd[2363]: warning: unknown[91.200.13.15]: SASL LOGIN authentication failed: authentication failure
Jan 23 08:40:05 h2427019 postfix/smtpd[2363]: lost connection after AUTH from unknown[91.200.13.15]
Jan 23 08:40:05 h2427019 postfix/smtpd[2363]: disconnect from unknown[91.200.13.15]
Jan 23 08:40:07 h2427019 postfix/smtpd[2363]: connect from unknown[195.22.126.241]
Jan 23 08:40:07 h2427019 plesk_saslauthd[2390]: failed mail authenticatication attempt for user 'careers' (password len=8)
Jan 23 08:40:07 h2427019 postfix/smtpd[2363]: warning: unknown[195.22.126.241]: SASL LOGIN authentication failed: authentication failure
Jan 23 08:40:07 h2427019 postfix/smtpd[2363]: lost connection after AUTH from unknown[195.22.126.241]
Jan 23 08:40:07 h2427019 postfix/smtpd[2363]: disconnect from unknown[195.22.126.241]
Jan 23 08:40:37 h2427019 plesk_saslauthd[2390]: select timeout, exiting
Jan 23 08:40:43 h2427019 postfix/smtpd[2363]: warning: hostname host167-172-149-62.serverdedicati.aruba.it does not resolve to address 62.149.172.167: Name or service not known
Jan 23 08:40:43 h2427019 postfix/smtpd[2363]: connect from unknown[62.149.172.167]
Jan 23 08:40:43 h2427019 postfix/smtpd[2363]: NOQUEUE: reject: RCPT from unknown[62.149.172.167]: 454 4.7.1 <lona9p34@iconmaps.es>: Relay access denied; from=<pHJemEJtle@leonsphoto.nl> to=<lona9p34@iconmaps.es> proto=ESMTP helo=<host167-172-149-62.serverdedicati.aruba.it>
Jan 23 08:40:43 h2427019 postfix/smtpd[2363]: NOQUEUE: reject: RCPT from unknown[62.149.172.167]: 454 4.7.1 <lona@iconmaps.es>: Relay access denied; from=<pHJemEJtle@leonsphoto.nl> to=<lona@iconmaps.es> proto=ESMTP helo=<host167-172-149-62.serverdedicati.aruba.it>
Jan 23 08:40:43 h2427019 postfix/smtpd[2363]: lost connection after RSET from unknown[62.149.172.167]
Jan 23 08:40:43 h2427019 postfix/smtpd[2363]: disconnect from unknown[62.149.172.167]
Jan 23 08:41:06 h2427019 postfix/smtpd[2363]: warning: hostname ip-220-138.dataclub.biz does not resolve to address 46.183.220.138: Name or service not known
Jan 23 08:41:06 h2427019 postfix/smtpd[2363]: connect from unknown[46.183.220.138]
Jan 23 08:41:06 h2427019 postfix/smtpd[2363]: NOQUEUE: reject: RCPT from unknown[46.183.220.138]: 454 4.7.1 <earle@iconmaps.es>: Relay access denied; from=<info@apple.com> to=<earle@iconmaps.es> proto=ESMTP helo=<mata.com>
Jan 23 08:41:06 h2427019 postfix/smtpd[2363]: lost connection after RCPT from unknown[46.183.220.138]
Jan 23 08:41:06 h2427019 postfix/smtpd[2363]: disconnect from unknown[46.183.220.138]
Jan 23 08:42:26 h2427019 postfix/smtpd[2363]: warning: hostname static-218-137-62-95.ipcom.comunitel.net does not resolve to address 95.62.137.218: Name or service not known
Jan 23 08:42:26 h2427019 postfix/smtpd[2363]: connect from unknown[95.62.137.218]
Jan 23 08:42:27 h2427019 postfix/smtpd[2363]: 64B8718E80C3C: client=unknown[95.62.137.218], sasl_method=DIGEST-MD5, sasl_username=administracion@systeclean.com
Jan 23 08:42:27 h2427019 postfix/cleanup[2395]: 64B8718E80C3C: message-id=<004f01d2754c$3ed88ff0$bc89afd0$@com>
Jan 23 08:41:06 h2427019 /usr/lib/plesk-9.0/psa-pc-remote[29781]: message repeated 16 times: [ Message aborted.]
Jan 23 08:42:28 h2427019 /usr/lib/plesk-9.0/psa-pc-remote[29781]: handlers_stderr: SKIP
Jan 23 08:42:28 h2427019 /usr/lib/plesk-9.0/psa-pc-remote[29781]: SKIP during call 'check-quota' handler
Jan 23 08:42:29 h2427019 postfix/qmgr[839]: 64B8718E80C3C: from=<administracion@systeclean.com>, size=16926, nrcpt=1 (queue active)
Jan 23 08:42:31 h2427019 postfix/smtp[2398]: 64B8718E80C3C: to=<administracion@valenciahospitalveterinario.com>, relay=correo.valenciahospitalveterinario.com[83.175.223.202]:25, delay=3.9, delays=1.1/1.3/0.79/0.69, dsn=2.6.0, status=sent (250 2.6.0 <004f01d2754c$3ed88ff0$bc89afd0$@com> Queued mail for delivery)
Jan 23 08:42:31 h2427019 postfix/qmgr[839]: 64B8718E80C3C: removed
Jan 23 08:42:32 h2427019 postfix/smtpd[2363]: disconnect from unknown[95.62.137.218]
Jan 23 08:43:53 h2427019 postfix/smtpd[2363]: warning: hostname vps863.hidehost.net does not resolve to address 91.200.12.150: Name or service not known
Jan 23 08:43:53 h2427019 postfix/smtpd[2363]: connect from unknown[91.200.12.150]
Jan 23 08:43:53 h2427019 plesk_saslauthd[2424]: listen=6, status=5, dbpath='/plesk/passwd.db', keypath='/plesk/passwd_db_key', chroot=1, unprivileged=1
Jan 23 08:43:53 h2427019 plesk_saslauthd[2424]: privileges set to (105:113) (effective 105:113)
Jan 23 08:43:53 h2427019 plesk_saslauthd[2424]: failed mail authenticatication attempt for user 'office' (password len=9)
Jan 23 08:43:53 h2427019 postfix/smtpd[2363]: warning: unknown[91.200.12.150]: SASL LOGIN authentication failed: authentication failure
Jan 23 08:43:53 h2427019 postfix/smtpd[2363]: lost connection after AUTH from unknown[91.200.12.150]
Jan 23 08:43:53 h2427019 postfix/smtpd[2363]: disconnect from unknown[91.200.12.150]
Jan 23 08:43:58 h2427019 postfix/anvil[2078]: statistics: max connection rate 1/60s for (smtp:154.61.83.161) at Jan 23 08:34:06
Jan 23 08:43:58 h2427019 postfix/anvil[2078]: statistics: max connection count 1 for (smtp:154.61.83.161) at Jan 23 08:34:06
Jan 23 08:43:58 h2427019 postfix/anvil[2078]: statistics: max cache size 7 at Jan 23 08:37:27
Jan 23 08:44:00 h2427019 postfix/smtpd[2363]: warning: hostname dedic865.hidehost.net does not resolve to address 91.200.12.161: Name or service not known
Jan 23 08:44:00 h2427019 postfix/smtpd[2363]: connect from unknown[91.200.12.161]
 
if I put in the firewall a rule

incoming deny 91.200.0.0/16 --> this block all the ips 91.200.0.1--> 91.200.254.254 ???
 
Do not block IPs manually, because spammers and viruses can and will use any IP.

Instead, use Fail2Ban (Tools & Settings > Security). It analyzes your log files and will block IPs dynamically that behave badly, including SMTP and POP/IMAP attacks as shown in your log.
 
Good morning.
OK I go to find Fail2ban and install. But I not see sys.log

captura.jpg



Thank you

and how I can eliminate a orphan package in nthis situation.

plesk repair all

The system user 'vrsets' is orphaned in Plesk ..................... [WARNING]
Remove the system user 'vrsets'? [Y/n] Y
Removing the system user 'vrsets' ............................... [2017-01-22 22:42:23] DEBUG [util_exec] [f4cda814e79765d1d120a15fb59dfd12-0] Starting: usermng --set-user-quota --user=vrsets --quota=0, stdin:
[2017-01-22 22:42:23] DEBUG [util_exec] [f4cda814e79765d1d120a15fb59dfd12-0] Finished in 0.0101s, Error code: 255, stdout: usermng: /usr/sbin/setquota execution failed:
setquota: Cannot stat() mounted device /dev/vzfs: No such file or directory
setquota: Cannot stat() given mountpoint /dev/vzfs: No such file or directory
Skipping...
setquota: No correct mountpoint specified.
setquota: Cannot initialize mountpoint scan.
usermng: Unable to set quota for user 'vrsets'
, stderr: usermng: /usr/sbin/setquota execution failed:
setquota: Cannot stat() mounted device /dev/vzfs: No such file or directory
setquota: Cannot stat() given mountpoint /dev/vzfs: No such file or directory
Skipping...
setquota: No correct mountpoint specified.
setquota: Cannot initialize mountpoint scan.
usermng: Unable to set quota for user 'vrsets'

[2017-01-22 22:42:23] ERR [util_exec] proc_close() failed ['/opt/psa/admin/bin/usermng' '--set-user-quota' '--user=vrsets' '--quota=0'] with exit code [255]
[2017-01-22 22:42:23] DEBUG [util_exec] [5885273fe64df] Starting: send-error-report warning, stdin:
[2017-01-22 22:42:23] DEBUG [util_exec] [5885273fe64df] Finished in 0.00145s, Error code: TRUE, stdout: , stderr:
Error occured while sending feedback. HTTP code returned: 502
[FAILED]
- Failed to remove the system user 'vrsets': Unable to execute
usermng: usermng: /usr/sbin/setquota execution failed:
setquota: Cannot stat() mounted device /dev/vzfs: No such file
or directory
setquota: Cannot stat() given mountpoint /dev/vzfs: No such
file or directory
 
Last edited:
You must log in or register to reply here.

Similar threads

EnriqueR
Question Incoming mail is stored in Junk folder
Replies
6
Views
992
EnriqueR
EnriqueR
wakabayashi
Resolved Fail2Ban - Postfix not working for SASL (bug?)
Replies
4
Views
2K
mizar
mizar
F
Issue Fail2ban: Ip addresses are not blocked by Recidive
Replies
14
Views
1K
frg62
F
J
Resolved 25: Connection timed out - Almalinux 9.4 x86_64 | 18.0.61.1
Replies
2
Views
2K
josemanuuxd
J
danami
Resolved Arc errors in maillog
2
Replies
22
Views
5K
AlexMuc81
A
Back
Top