Logwatch     2020年11月23日 午前 10:58:12





Dovecot IMAP and POP3 Successful Logins: 21

Dovecot disconnects: 38



protocol 'SSLv2': 1 Time(s)
    dovecot[7201]: config: Warning: NOTE: You can get a new clean config file with: doveconf -Pn > dovecot-new.conf: 1 Time(s)
    dovecot[7201]: config: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:63: ssl_protocols has been replaced by ssl_min_protocol: 1 Time(s)
    dovecot[7403]: master: Dovecot v2.3.8 (9df20d2db) starting up for imap, pop3, lmtp: 1 Time(s)
    dovecot[7405]: config: Warning: NOTE: You can get a new clean config file with: doveconf -Pn > dovecot-new.conf: 1 Time(s)
    dovecot[7405]: config: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:63: ssl_protocols has been replaced by ssl_min_protocol: 1 Time(s)
    dovecot[7556]: master: Dovecot v2.3.8 (9df20d2db) starting up for imap, pop3, lmtp: 1 Time(s)
    dovecot[7558]: config: Warning: NOTE: You can get a new clean config file with: doveconf -Pn > dovecot-new.conf: 1 Time(s)
    dovecot[7558]: config: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:63: ssl_protocols has been replaced by ssl_min_protocol: 1 Time(s)
    dovecot[7809]: master: Dovecot v2.3.8 (9df20d2db) starting up for imap, pop3, lmtp: 1 Time(s)
   dovecot[8465]: master: Dovecot v2.3.8 (9df20d2db) starting up for imap, pop3, lmtp: 1 Time(s)
 

<対処>
 [root@falcon21 ~]# vi /etc/dovecot/conf.d/10-ssl.conf
     62 ssl_min_protocol = TLSv1
     63 #ssl_protocols = !SSLv3
     64 ssl_protocols = !SSLv3
     65


[root@falcon21 ~]# systemctl restart postfix dovecot

[root@falcon21 ~]# systemctl status dovecot
 dovecot.service - Dovecot IMAP/POP3 email server
   Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabl>
   Active: active (running) since Mon 2020-11-23 11:26:09 JST; 40s ago
     Docs: man:dovecot(1)
           http://wiki2.dovecot.org/
  Process: 138328 ExecStop=/usr/bin/doveadm stop (code=exited, status=0/SUCCESS)
  Process: 138421 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/>
 Main PID: 138428 (dovecot)
    Tasks: 4 (limit: 48971)
   Memory: 5.6M
   CGroup: /system.slice/dovecot.service
           ├─138428 /usr/sbin/dovecot -F
           ├─138429 dovecot/anvil
           ├─138430 dovecot/log

      -------------------------------------------------

httpd 

 A total of 6 sites probed the server 
    106.154.138.163
    124.210.29.148
    192.168.10.4
    193.239.147.184
    210.175.139.20
    61.219.11.153


    400 Bad Request
       /: 6 Time(s)
       /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
       null: 1 Time(s)

  403 Forbidden
  404 Not Found

    408 Request Timeout
       null: 221 Time(s)

  
    500 Internal Server Error

    503 Service Unavailable

    504 Gateway Timeout

------------------
pam_unix

 sshd:
    Authentication Failures:
       unknown (87.241.1.186): 238 Time(s)
       unknown (222.127.151.230): 119 Time(s)
       unknown (116.237.239.42): 118 Time(s)
       root (112.85.42.98): 97 Time(s)
       root (218.92.0.250): 90 Time(s)
       root (112.85.42.230): 88 Time(s)
       root (112.85.42.96): 85 Time(s)
           大量

    Invalid Users:
       Unknown Account: 522 Time(s)
 

 vsftpd:
    Authentication Failures:
       unknown (59.56.110.66): 161 Time(s)
    Invalid Users:
       Unknown Account: 161 Time(s)

--------------

Postfix

 **Unmatched Entries****Unmatched Entries**
        1   Nov 20 09:11:22 falcon21 postfix[5396]: Postfix is running with backwards-compatible default settings
        1   Nov 20 09:11:22 falcon21 postfix[5375]: See http://www.postfix.org/COMPATIBILITY_README.html for details
        1   Nov 20 10:20:16 falcon21 postfix[7707]: See http://www.postfix.org/COMPATIBILITY_README.html for details
        1   Nov 20 10:08:04 falcon21 postfix[7475]: Postfix is running with backwards-compatible default settings
        1   Nov 20 20:05:27 falcon21 postfix/trivial-rewrite[28592]: using backwards-compatible default setting append_dot_mydomain=yes to rewrite "space" to "space.falcon21.space"
        1   Nov 20 10:08:04 falcon21 postfix[7475]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
        1   Nov 20 09:11:22 falcon21 postfix[5375]: Postfix is running with backwards-compatible default settings

< 対処>
See http://www.postfix.org/COMPATIBILITY_README.html
   
   下位互換性のあるデフォルト設定      chroot = yを使用する
   下位互換性のあるデフォルト設定を使用する smtpd_relay_restrictions =(空
   下位互換性のあるデフォルト設定      mynetworks_style = subnetを使用する
   下位互換性のあるデフォルト設定を使用する relay_domains = $ mydestination
   下位互換性のあるデフォルト設定を使用する smtputf8_enable = no
   下位互換性のあるデフォルト設定の使用   smtpd_tls_fingerprint_digest = md5
   下位互換性のあるデフォルト設定の使用   smtp_tls_fingerprint_digest = md5
   下位互換性セーフティネットをオフにする


[root@falcon21 ~]# vi /etc/postfix/main.cf
 最後尾に追加
    714
    715 chroot = y
    716 smtpd_relay_restrictions =
    717 mynetworks_style = subnet
    718 relay_domains = $ mydestination
    719 smtputf8_enable = no
    720 smtpd_tls_fingerprint_digest = md5
    721 smtp_tls_fingerprint_digest = md5
    722

[root@falcon21 ~]# systemctl restart postfix dovecot
Job for postfix.service failed because the control process exited with er                                                                    ror code.
See "systemctl status postfix.service" and "journalctl -xe" for details.

[root@falcon21 ~]# systemctl status postfix.service -l
 postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2020-11-23 12:29:19 JST; 30s ago
  Process: 139105 ExecStop=/usr/sbin/postfix stop (code=exited, status=1/FAILURE)
  Process: 139131 ExecStart=/usr/sbin/postfix start (code=exited, status=1/FAILURE)
  Process: 139128 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
  Process: 139110 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
 Main PID: 138415 (code=killed, signal=TERM)

11月 23 12:29:17 falcon21.space aliasesdb[139110]: /usr/sbin/postconf: warning: empty macro name: "$ mydestination"
11月 23 12:29:17 falcon21.space aliasesdb[139110]: /usr/sbin/postconf: fatal: macro processing error
11月 23 12:29:18 falcon21.space sendmail[139127]: alias database /etc/aliases rebuilt by root
11月 23 12:29:18 falcon21.space aliasesdb[139110]: /etc/aliases: 78 aliases, longest 21 bytes, 803 bytes total
11月 23 12:29:18 falcon21.space sendmail[139127]: /etc/aliases: 78 aliases, longest 21 bytes, 803 bytes total
11月 23 12:29:18 falcon21.space postfix[139131]: warning: empty macro name: "$ mydestination"
11月 23 12:29:18 falcon21.space postfix[139131]: fatal: dictionary mail_dict: macro processing error
11月 23 12:29:19 falcon21.space systemd[1]: postfix.service: Control process exited, code=exited status=1
11月 23 12:29:19 falcon21.space systemd[1]: postfix.service: Failed with result 'exit-code'.
11月 23 12:29:19 falcon21.space systemd[1]: Failed to start Postfix Mail Transport Agent.


<対処>


[root@falcon21 ~]# systemctl restart postfix dovecot
    718 # relay_domains = $ mydestination   コメント化

[root@falcon21 ~]# systemctl restart postfix dovecot 


-----------------------------------------


Cron <root@falcon21>; /root/tripwire.sh 通知

### Error: File could not be opened.
### Filename: /var/lib/tripwire/falcon21.space.twd

 
<対処>
[root@falcon21 ~]# vi tripwire.sh
単純コピペミス


Cron <root@falcon21>; bash ~/clear_memory_cache.sh  通知   

 /root/clear_memory_cache.sh: 行 3: swapoff: コマンドが見つかりません

 centOS8 、swapoff をインストール出来ない。


-----------------------------------------

投票数:5 平均点:10.00
この記事の1行目に飛ぶ
 
Back to Top