
Author Topic: CSF Warnings  (Read 15053 times)


bigdigillc (Senior Member, Posts: 156, Karma: +1/-0)
CSF Warnings
« on: 2015-01-06, 22:05:16 »
I installed CSF and immediately received over 30 warnings. I apparently have quite a bit of outgoing mail even though there are no email addresses on this server. I'm about to just move everything to cloud hosting, but I am hoping someone can help as I enjoy having my own servers. Here are 3 of the top warnings I get.

Code: [Select]
Time:    Tue Jan  6 21:42:32 2015 -0600
PID:     11661 (Parent PID:11661)
Account: apache
Uptime:  232 seconds


Executable:

/usr/bin/perl


Command Line (often faked in exploits):

init


Network connections by the process (if any):

tcp: 0.0.0.0:39331 -> 0.0.0.0:0


Files open by the process (if any):

/dev/null
/dev/null
/dev/null


Memory maps by the process (if any):

003ea000-003f4000 r-xp 00000000 fd:03 14026056   /lib/libnss_files-2.5.so
003f4000-003f5000 r--p 00009000 fd:03 14026056   /lib/libnss_files-2.5.so
003f5000-003f6000 rw-p 0000a000 fd:03 14026056   /lib/libnss_files-2.5.so
0049c000-004ad000 r-xp 00000000 fd:03 25067533   /lib/libresolv-2.5.so
004ad000-004ae000 r--p 00010000 fd:03 25067533   /lib/libresolv-2.5.so
004ae000-004af000 rw-p 00011000 fd:03 25067533   /lib/libresolv-2.5.so
004af000-004b1000 rw-p 004af000 00:00 0
006ab000-006c6000 r-xp 00000000 fd:03 25067521   /lib/ld-2.5.so
006c6000-006c7000 r--p 0001a000 fd:03 25067521   /lib/ld-2.5.so
006c7000-006c8000 rw-p 0001b000 fd:03 25067521   /lib/ld-2.5.so
006ca000-00820000 r-xp 00000000 fd:03 25067522   /lib/libc-2.5.so
00820000-00822000 r--p 00156000 fd:03 25067522   /lib/libc-2.5.so
00822000-00823000 rw-p 00158000 fd:03 25067522   /lib/libc-2.5.so
00823000-00826000 rw-p 00823000 00:00 0
00828000-0084f000 r-xp 00000000 fd:03 25067541   /lib/libm-2.5.so
0084f000-00850000 r--p 00026000 fd:03 25067541   /lib/libm-2.5.so
00850000-00851000 rw-p 00027000 fd:03 25067541   /lib/libm-2.5.so
00853000-00856000 r-xp 00000000 fd:03 25067530   /lib/libdl-2.5.so
00856000-00857000 r--p 00002000 fd:03 25067530   /lib/libdl-2.5.so
00857000-00858000 rw-p 00003000 fd:03 25067530   /lib/libdl-2.5.so
0086f000-00885000 r-xp 00000000 fd:03 25067525   /lib/libpthread-2.5.so
00885000-00886000 r--p 00015000 fd:03 25067525   /lib/libpthread-2.5.so
00886000-00887000 rw-p 00016000 fd:03 25067525   /lib/libpthread-2.5.so
00887000-00889000 rw-p 00887000 00:00 0
0088b000-009b6000 r-xp 00000000 fd:03 13503385   /usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE/libperl.so
009b6000-009bb000 rw-p 0012a000 fd:03 13503385   /usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE/libperl.so
009bb000-009bd000 rw-p 009bb000 00:00 0
00b4c000-00b50000 r-xp 00000000 fd:03 9011206    /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/IO/IO.so
00b50000-00b51000 rw-p 00003000 fd:03 9011206    /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/IO/IO.so
00b58000-00b5d000 r-xp 00000000 fd:03 14745629   /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Socket/Socket.so
00b5d000-00b5e000 rw-p 00004000 fd:03 14745629   /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Socket/Socket.so
00d2e000-00d4a000 r-xp 00000000 fd:03 9437186    /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/POSIX/POSIX.so
00d4a000-00d4b000 rw-p 0001b000 fd:03 9437186    /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/POSIX/POSIX.so
00de4000-00df9000 r-xp 00000000 fd:03 25067529   /lib/libnsl-2.5.so
00df9000-00dfa000 r--p 00014000 fd:03 25067529   /lib/libnsl-2.5.so
00dfa000-00dfb000 rw-p 00015000 fd:03 25067529   /lib/libnsl-2.5.so
00dfb000-00dfd000 rw-p 00dfb000 00:00 0
00e67000-00e6c000 r-xp 00000000 fd:03 8814602    /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/File/Glob/Glob.so
00e6c000-00e6d000 rw-p 00004000 fd:03 8814602    /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/File/Glob/Glob.so
00eba000-00ebb000 r-xp 00eba000 00:00 0          [vdso]
02ecb000-02ecd000 r-xp 00000000 fd:03 25067547   /lib/libutil-2.5.so
02ecd000-02ece000 r--p 00001000 fd:03 25067547   /lib/libutil-2.5.so
02ece000-02ecf000 rw-p 00002000 fd:03 25067547   /lib/libutil-2.5.so
03189000-03192000 r-xp 00000000 fd:03 14024768   /lib/libcrypt-2.5.so
03192000-03193000 r--p 00008000 fd:03 14024768   /lib/libcrypt-2.5.so
03193000-03194000 rw-p 00009000 fd:03 14024768   /lib/libcrypt-2.5.so
03194000-031bb000 rw-p 03194000 00:00 0
08048000-0804b000 r-xp 00000000 fd:03 13411704   /usr/bin/perl
0804b000-0804c000 rw-p 00002000 fd:03 13411704   /usr/bin/perl
097f4000-09c57000 rw-p 097f4000 00:00 0          [heap]
b7f6c000-b7f90000 rw-p b7f6c000 00:00 0
b7fa0000-b7fa1000 rw-p b7fa0000 00:00 0
bf9d0000-bf9e5000 rw-p bffe9000 00:00 0          [stack]


Code: [Select]
Time:   Tue Jan  6 21:28:30 2015 -0600
File:   /var/tmp/pUHBzSEXj
Reason: Linux Binary
Owner:  apache:apache (48:48)
Action: No action taken
Code: [Select]
Time:          Tue Jan  6 20:23:35 2015 -0600
Account:       qmailr
Process Count: 28 (Not killed)

Process Information:

User:qmailr PID:9043 PPID:2808 Run Time:56(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote yahoo.co.id gail_dotson@somedomainofmine.com lahimihendra@yahoo.co.id
User:qmailr PID:13104 PPID:2808 Run Time:24(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote aol.com carmen_mccray@somedomainofmine.com trentmjones89@aol.com
User:qmailr PID:16281 PPID:2808 Run Time:1(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote hotmail.com jami_higgins@somedomainofmine.com abuzarabuzar@hotmail.com
User:qmailr PID:16301 PPID:2808 Run Time:1(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote yahoo.com summer_young@somedomainofmine.com vanessa_abeny_ramirez@yahoo.com
User:qmailr PID:16302 PPID:2808 Run Time:1(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote yahoo.com summer_young@somedomainofmine.com vanessa_8888888@yahoo.com
User:qmailr PID:16310 PPID:2808 Run Time:1(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote yahoo.fr deirdre_pena@somedomainofmine.com mironcello.zapatero@yahoo.fr
User:qmailr PID:16326 PPID:2808 Run Time:1(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote yahoo.com summer_young@somedomainofmine.com vanessa_@yahoo.com
User:qmailr PID:16386 PPID:2808 Run Time:1(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote yahoo.co.id deirdre_pena@somedomainofmine.com mirone13@yahoo.co.id
User:qmailr PID:16394 PPID:2808 Run Time:1(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote hotmail.fr lynda_justice@somedomainofmine.com sullivan_laurenceau@hotmail.fr
User:qmailr PID:16406 PPID:2808 Run Time:1(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote live.com lynda_justice@somedomainofmine.com sullivan_newton@live.com
User:qmailr PID:16411 PPID:2808 Run Time:1(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote walla.com deirdre_pena@somedomainofmine.com mironben@walla.com
User:qmailr PID:16486 PPID:2808 Run Time:0(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote outlook.com deirdre_pena@somedomainofmine.com mirone1974@outlook.com
User:qmailr PID:16491 PPID:2808 Run Time:0(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote hotmail.com lorna_washington@somedomainofmine.com azul_mael_13@hotmail.com
User:qmailr PID:16520 PPID:2808 Run Time:0(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote hotmail.com brittney_dale@somedomainofmine.com ghassazar@hotmail.com
User:qmailr PID:16532 PPID:2808 Run Time:0(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote yahoo.com donna_beard@somedomainofmine.com hammad.khan05@yahoo.com
User:qmailr PID:16536 PPID:2808 Run Time:0(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote hotmail.com summer_young@somedomainofmine.com vanessa_abigail_200@hotmail.com
User:qmailr PID:16552 PPID:2808 Run Time:0(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote live.com donna_beard@somedomainofmine.com hammad.khalid@live.com
User:qmailr PID:16566 PPID:2808 Run Time:0(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote outlook.com sophia_sherman@somedomainofmine.com tenaciousjbob@outlook.com
User:qmailr PID:16587 PPID:2808 Run Time:0(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote hotmail.com sophia_sherman@somedomainofmine.com tenaciousjon@hotmail.com
User:qmailr PID:16605 PPID:16406 Run Time:0(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote live.com lynda_justice@somedomainofmine.com sullivan_newton@live.com
User:qmailr PID:16606 PPID:16605 Run Time:0(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote live.com lynda_justice@somedomainofmine.com sullivan_newton@live.com
User:qmailr PID:16607 PPID:16606 Run Time:0(secs) Memory:12912(kb) exe:/usr/bin/perl cmd:/usr/bin/perl -I../lib /usr/bin/dkimsign.pl --type=dkim --selector=private --domain=somedomainofmine.com --key=/var/qmail/control/domainkeys/somedomainofmine.com/private --method=relaxed
User:qmailr PID:16609 PPID:16606 Run Time:0(secs) Memory:1788(kb) exe:/usr/bin/tr cmd:tr -d \\r
User:qmailr PID:16631 PPID:2808 Run Time:0(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote hotmail.com lynda_justice@somedomainofmine.com sullivan_ronald@hotmail.com
User:qmailr PID:16648 PPID:2808 Run Time:0(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote hotmail.com deirdre_pena@somedomainofmine.com mironesmirones@hotmail.com
User:qmailr PID:16662 PPID:2808 Run Time:0(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote yahoo.com summer_young@somedomainofmine.com vanessa_alas20@yahoo.com
User:qmailr PID:16690 PPID:2808 Run Time:0(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote yahoo.com deirdre_pena@somedomainofmine.com mironflavius75@yahoo.com
User:qmailr PID:31821 PPID:2808 Run Time:7 11(secs) Memory:2564(kb) exe:/bin/bash cmd:/bin/bash /var/qmail/bin/qmail-remote lycos.cl serena_walter@somedomainofmine.com josephrm_3@lycos.cl




I followed the instructions here:
http://forum.mratwork.com/kloxo-mr-tips-and-tricks/installing-csf-alongside-kloxomr-%28how-to%29/

and posted about my original problem originally here:
http://forum.mratwork.com/kloxo-mr-technical-helps/load-warning-question/

Thanks for your help.
« Last Edit: 2015-01-06, 22:06:51 by bigdigillc »

bigdigillc (Senior Member, Posts: 156, Karma: +1/-0)
Re: CSF Warnings
« Reply #1 on: 2015-01-08, 19:37:06 »
UPDATE:

I was able to also install the sendmail wrapper from @chrisf found here:
http://forum.mratwork.com/kloxo-mr-tips-and-tricks/sendmail-userid-usage-limits-(script-v1-1b)/msg36743/#msg36743

I found one site that was sending quite a bit of mail by looking at the logs, but I am still getting warnings that qmail is sending a large amount of email out and I can't tell from where, as they are not in the sendmail wrapper logs. I am also able to see quite a bit of what I guess is mail building up in the temp folder. *SEE BELOW. Does anyone know where to go from here?





MRatWork (Administrator, Posts: 15,807, Karma: +119/-11)
Re: CSF Warnings
« Reply #2 on: 2015-01-08, 19:54:07 »
If you are using the latest qmail-toaster, every sendmail call will be logged to maillog in more detail. This is an example of sendmail logging after a backup process:

Code: [Select]
Jan  2 10:19:47 oln1 root: sendmail: CALLER="/opt/php53s/usr/bin/php -c /opt/php53s/custom/php53s.ini ../bin/common/backup.php --class=client --name=admin --v-backup_file_name=kloxo-scheduled " PWD="/usr/local/lxlabs/kloxo/httpdocs"
Jan  2 10:19:48 oln1 send: new msg 10616889
Jan  2 10:19:48 oln1 send: info msg 10616889: bytes 394 from <root@oln1.hostspectra.com> qp 6207 uid 0
Jan  2 10:19:48 oln1 send: starting delivery 1: msg 10616889 to local bigraf.com-mustafa@bigraf.com
Jan  2 10:19:48 oln1 send: status: local 1/10 remote 0/60
Jan  2 10:19:48 oln1 send: delivery 1: success: did_0+0+1/
Jan  2 10:19:48 oln1 send: status: local 0/10 remote 0/60
Jan  2 10:19:48 oln1 send: end msg 10616889
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

fossxplorer (Master, Posts: 640, Karma: +1/-0)
Re: CSF Warnings
« Reply #3 on: 2015-01-09, 14:05:01 »
@bigdigillc,
have you enabled SpamDyke with DNS RBL servers? This is a MUST.
Also, CSF supports real time IP lookups and blocking. The IPs can be fetched automatically by CSF and updated regularly.

As to your warnings, some of them are legit processes that should be ignored by CSF, but you need to tell CSF to do so.
That perl process warning could be from Chris' script which is written in Perl?

Let me know if you need further help.
Kloxo-MR!

bigdigillc (Senior Member, Posts: 156, Karma: +1/-0)
Re: CSF Warnings
« Reply #4 on: 2015-01-09, 16:33:36 »
Thanks for your help guys.

@MRatWork,
I have 3 servers running Kloxo. One is standalone and the other two are in a master / slave configuration. The master / slave are the ones I've been having the most trouble with. If I go to the 'Log Manager' in the web admin, the mail log on all 3 servers is completely blank. Am I looking in the wrong place?

@fossxplorer,
I enabled SpamDyke and checked all the boxes, but I'm still getting messages piling up in the tmp folder. It looks like even more than before. If I open one they look like this.
Code: [Select]
Comment: DomainKeys? See http://domainkeys.sourceforge.net/
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=private; d=oneofmydomains.com;
  b=BJqzfKsmENMYpOQ7CMCbGthjUvnL6Fs2gfYhuN/ElcJpXsIp9IdWoMmA8Mi2tDhcoObLQt/7j/D7H9BKfvrKHNQhDcMntYt8nxKWRcECKinVe9F9D3PalRlqg4OIHZJNFRF4Ec1Xcl68Ya1tXEQSvrKGAD8lvrbzm8y+RHaasPk=;
  h=Received:Date:Message-ID:To:Subject:From:Reply-To:X-Priority:MIME-Version:Content-Type:Content-Transfer-Encoding;
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=oneofmydomains.com; h=date
:message-id:to:subject:from:reply-to:mime-version:content-type
:content-transfer-encoding; s=private; bh=QCud+pq1aEbRHUIPvraDCa
0uBQg=; b=ksxrR/r0d67ZLub9/rdSm9UkCjBHYr9TW7iyWs89VuXqjrwps3kHpK
5sc32iZMjQb60Qz9QJ67JPJHjh5LBIx1Ew16aWFwKsS5j1zC/coHzu08BIlympid
d72KXP+e5VhH/9Q0xV8anBfwXp5vLfr3zI/oNyrjmUEzLU0urHf58=
Received: (qmail 15443 invoked by uid 1020); 8 Jan 2015 09:36:42 -0000
Date: 8 Jan 2015 09:36:42 -0000
Message-ID: <20150108093642.15442.qmail@bighost.xxxxx.net>
To: erik03@hotmail.com
Subject: Re:  Hi
From: "Cristina Joyner" <cristina_joyner@painfreehands.com>
Reply-To: "Cristina Joyner" <cristina_joyner@painfreehands.com>
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit


<div>Hey there, Your Solid Medic Goods <a href="http://studiolegaleraciti.com/wp-content/themes/twentyeleven/languages/xml.html">save up you money now</a></div>

It is really difficult to open as they disappear as fast as they appear.

Code: [Select]
Jan  8 01:00:01 slave1 crond[12509]: (root) CMD (/usr/local/maldetect/maldet --mkpubpaths >> /dev/null 2>&1)
Jan  8 01:01:01 slave1 crond[12642]: (root) CMD (/var/qmail/bin/dh_key 2>&1 > /dev/null)
Jan  8 01:01:01 slave1 crond[12644]: (root) CMD (run-parts /etc/cron.hourly)
Jan  8 01:10:01 slave1 crond[12777]: (root) CMD (/usr/local/maldetect/maldet --mkpubpaths >> /
..................................[i cut a bunch out here]
Jan  7 07:00:04 slave1 crond[5334]: (root) CMD (/usr/local/maldetect/maldet --mkpubpaths >> /dev/null 2>&1)
Jan  7 07:01:01 slave1 crond[5367]: (root) CMD (run-parts /etc/cron.hourly)
Jan  7 07:11:30 slave1 crond[5391]: (root) error: Job execution of per-minute job scheduled for 07:10 delayed into subsequent minute 07:11. Skipping job run.
Jan  7 07:11:30 slave1 crond[5391]: CRON (root) ERROR: cannot set security context
Jan  7 07:20:02 slave1 crond[5511]: (root) CMD (/usr/local/maldetect/maldet --mkpubpaths >> /dev/null 2>&1)

Any thoughts?

Thank you guys so much for your help. Also, I deleted perl from usr/bin from one server. How do I repair that?

MRatWork (Administrator, Posts: 15,807, Karma: +119/-11)
Re: CSF Warnings
« Reply #5 on: 2015-01-09, 21:07:27 »
Previous versions of Kloxo-MR 7.0.0 had trouble with rsyslog; it may stop or become inactive after the logrotate process. This is already fixed in the latest version.

bigdigillc (Senior Member, Posts: 156, Karma: +1/-0)
Re: CSF Warnings
« Reply #6 on: 2015-01-09, 22:13:36 »
Is this not the current version?
Code: [Select]

A. Kloxo-MR: 6.5.0.f-2015010801

B. OS: CentOS release 5.11 (Final) x86_64

C. Apps:
   1. MySQL: mysql55-5.5.41-2.ius.el5
   2. PHP: php54-5.4.36-1.ius.el5
   3. Httpd: httpd-2.2.29-1.mr.el5
   4. Lighttpd: --uninstalled--
   5. Nginx: nginx-1.7.9-1.el5.ngx
   6. Qmail: qmail-toaster-1.03-1.3.45.mr.el5
      - with: courier-imap-toaster-4.1.2-1.3.18.mr.el5
   7. Dns: bind-9.9.5-1.el5

D. Php-type (for Httpd/proxy): php-fpm_event

E. Memory:
                total       used       free     shared    buffers     cached
   Mem:         16046      14911       1134          0        727       9087
   -/+ buffers/cache:       5096      10949
   Swap:        18047          0      18047


is 7.0 a beta version?

fossxplorer (Master, Posts: 640, Karma: +1/-0)
Re: CSF Warnings
« Reply #7 on: 2015-01-10, 10:05:47 »
@bigdigillc,
look at the DNS RBL section:
https://my.owndrive.com/public.php?service=files&t=2229799b3acd70afb27ca52996456d02

Do you have it configured?

bigdigillc (Senior Member, Posts: 156, Karma: +1/-0)
Re: CSF Warnings
« Reply #8 on: 2015-01-11, 19:57:41 »
Thank you @fossxplorer. I made those entries and stopped getting the files in the temp folder, but I am still having outgoing mail issues as well as constant load warnings. The server never gave load warnings a year ago when there was far more traffic, so I'm pretty sure it's compromised. I installed CSF, but it stopped working after a few days, and there appears to be an odd IPTABLES rule on another server. There is an allow entry for an IP coming out of Taiwan, but it's not in my rules file. It only shows up if I enter iptables -L. Also, the slave server under processes has about 100 qmail processes at a time. Nothing should be using it as an email server.
Code: [Select]
3837 10.54 qmailr /bin/bash /var/qmail/bin/qmail-remote mydomain.com root@. myname@mydomain.com

bigdigillc (Senior Member, Posts: 156, Karma: +1/-0)
Re: CSF Warnings
« Reply #9 on: 2015-01-12, 09:57:18 »
Here is a screen shot of what the processes look like on my slave server. I have blocked every inbound port except for 53 and 3306 (only if coming from the master IP), but still. Furthermore, none of my servers are sending me alerts anymore. No more LOAD WARNINGS, no more MALDET scan results, no more CSF alerts. Nothing.


Thank you guys for your help. I'm wondering if I just need to go to a VPS service. Also, for what it's worth, there are 0 web applications on the slave server, so I'm pretty sure it's a KLOXO issue.

bigdigillc (Senior Member, Posts: 156, Karma: +1/-0)
Re: CSF Warnings
« Reply #10 on: 2015-03-01, 13:05:53 »
Is there anyone who can help shed some light on this issue? I am getting the same processes on my MASTER server now. I have done a number of scans and haven't turned up any malicious code. I was able to repair the servers to the point where I am now getting alerts. The slave is sending me this alert every 2-30 minutes. I'm not sure if it is related or not.

Code: [Select]
Time:         Sun Mar  1 12:40:21 2015 -0600
Account:      smmsp
Resource:     Process Time
Exceeded:     31062 > 2000 (seconds)
Executable:   /usr/sbin/sendmail.sendmail
Command Line: /usr/sbin/sendmail -FCronDaemon -i -odi -oem -oi -t
PID:          27018 (Parent PID:26686)
Killed:       No

Any help would be greatly appreciated. Thank you!
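Both lfd alerts in this thread (the Process Tracking alert in the first post and the Resource alert above) share a "Field: value" layout that can be triaged mechanically: an interpreter running under the web-server account, a process name that does not match its executable, a listening socket, or a limit exceeded by an order of magnitude. The Python below is an added example, not code from the thread or from CSF; the alert texts are modelled on the two posted, and the interpreter and service-account lists are assumptions.

```python
import os
import re

# Constructed sample alerts, modelled on the Process Tracking and Resource
# alerts posted in this thread; values are illustrative.
PROCESS_ALERT = """\
Time:    Tue Jan  6 21:42:32 2015 -0600
PID:     11661 (Parent PID:11661)
Account: apache

Executable:

/usr/bin/perl

Command Line (often faked in exploits):

init

Network connections by the process (if any):

tcp: 0.0.0.0:39331 -> 0.0.0.0:0
"""
RESOURCE_ALERT = """\
Time:         Sun Mar  1 12:40:21 2015 -0600
Account:      smmsp
Resource:     Process Time
Exceeded:     31062 > 2000 (seconds)
Executable:   /usr/sbin/sendmail.sendmail
Command Line: /usr/sbin/sendmail -FCronDaemon -i -odi -oem -oi -t
PID:          27018 (Parent PID:26686)
Killed:       No
"""

KEY_RE = re.compile(r"^([A-Z][A-Za-z ]*?(?: \([^)]*\))?):\s*(.*)$")
INTERPRETERS = {"perl", "python", "php", "sh", "bash", "ruby"}   # assumption
SERVICE_ACCOUNTS = {"apache", "nobody", "www-data", "nginx"}      # assumption

def parse_alert(text):
    """'Key: value' lines become strings; 'Section:' headers collect the
    non-blank lines that follow them into a list."""
    fields, section = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = re.sub(r"\s*\(.*\)$", "", m.group(1))   # drop "(if any)" etc.
            value = m.group(2).strip()
            fields[key] = value if value else []
            section = None if value else key
        elif section is not None:
            fields[section].append(line)
    return fields

def _first(v):
    return v[0] if isinstance(v, list) and v else (v or "")

def triage(fields):
    """Reasons this alert deserves a human look; empty means no heuristic hit."""
    reasons = []
    account = fields.get("Account", "")
    exe = _first(fields.get("Executable"))
    cmd = _first(fields.get("Command Line"))
    exe_name = os.path.basename(exe)
    cmd_name = os.path.basename(cmd.split()[0]) if cmd else ""
    if exe_name.split(".")[0] in INTERPRETERS and account in SERVICE_ACCOUNTS:
        reasons.append("interpreter %s running as %s" % (exe_name, account))
    # sendmail vs sendmail.sendmail (alternatives link) is a match; init vs perl is not
    if cmd_name and not (cmd_name.startswith(exe_name) or exe_name.startswith(cmd_name)):
        reasons.append("process name '%s' does not match executable %s" % (cmd_name, exe))
    for conn in fields.get("Network connections by the process", []):
        if conn.endswith("-> 0.0.0.0:0"):
            reasons.append("listening socket: " + conn)
    m = re.match(r"(\d+)\s*>\s*(\d+)", fields.get("Exceeded", ""))
    if m and int(m.group(1)) > 10 * int(m.group(2)):
        reasons.append("%s exceeded its limit by more than 10x" % fields.get("Resource"))
    return reasons
```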

MRatWork (Administrator, Posts: 15,807, Karma: +119/-11)
Re: CSF Warnings
« Reply #11 on: 2015-03-01, 13:53:37 »
Attach sendmail.txt from 'cat /var/log/maillog|grep sendmail > /tmp/sendmail.txt'; you need the latest qmail-toaster (without chrisf's modification). Run 'yum reinstall qmail-toaster -y; yum update qmail-toaster -y' to replace it with the latest qmail-toaster.
« Last Edit: 2015-03-01, 13:56:39 by MRatWork »

bigdigillc (Senior Member, Posts: 156, Karma: +1/-0)
Re: CSF Warnings
« Reply #12 on: 2015-03-01, 22:22:25 »
I got this. Am I doing something wrong?

Code: [Select]
[root@BIGHOST ~]# cat /var/log/maillog|grep sendmail > /tmp/sendmail.txt
cat: /var/log/maillog: No such file or directory

bigdigillc (Senior Member, Posts: 156, Karma: +1/-0)
Re: CSF Warnings
« Reply #13 on: 2015-03-01, 22:36:29 »
Also, this is in the tmp folder. Every time I hit refresh there are new ones.



This is the content of one of them.

Code: [Select]
Comment: DomainKeys? See http://domainkeys.sourceforge.net/
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=private; d=oneofmywebsites.com;
  b=qXZnBb1KLMBF9h6DeYxrtRQSajOJM0up9jSsedM0UV6AMt7RlaQpImvt8H8NRj/seDn8Kh2G9ImuxH72pFcls6his0RNcOcPhyVD2E6ywxWsBqUV5jYTVXPbJxlfRipzV6gget0YBJjk327hpV/kwy83ZWJjDkWqhdHcds6y5Jg=;
  h=Received:Date:Message-ID:To:Subject:From:Reply-To:X-Priority:MIME-Version:Content-Type:Content-Transfer-Encoding;
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=oneofmywebsites.com; h=date
:message-id:to:subject:from:reply-to:mime-version:content-type
:content-transfer-encoding; s=private; bh=DhK1RkNz2v6B2USZkXIJMm
bOHU4=; b=OAe0tEsowismbim6QypouhSeLldSWCvfuWlVWxaxxGyHyI6ImdUWH0
YYaAET0PsqzTpfsLsU+28kcTeMQ0SrMAkWIgEZbSeygHy8SetD9VNoZMJb4lgRyk
pgul86Q/76hL+4o3jeB8EU6fpx3dI9Nmdo7YF6LstUp947ai2OUj4=
Received: (qmail 17110 invoked by uid 1020); 27 Feb 2015 11:08:10 -0000
Date: 27 Feb 2015 11:08:10 -0000
Message-ID: <20150227110810.17109.qmail@MYSERVER.COM>
To: egilsinger@co.net
Subject: FW:  EzHotPorn.com - Fetish Ass Play Teen Girl
From: "Nadine Harmon" <nadine_harmon@oneofmywebsites.com>
Reply-To: "Nadine Harmon" <nadine_harmon@oneofmywebsites.com>
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit


<div>
EzHotPorn.com - Fetish Ass Play Teen Girl <a href="http://aerotec.org/modules/mod_jxtc_newspro/buttons/lg_dotted_left_right/css.html?Z2VrbnFrbGVncEJhbSxsZ3Y=">click here</a>
</div>
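The "Received: (qmail ... invoked by uid N)" header in both queued messages (replies #4 and #13) records which local uid handed the mail to qmail-inject, which is the fastest way to tie the spam to a hosting account (getent passwd N on the box gives the name). The Python below is an added example, not code from the thread or from Kloxo-MR; the sample messages, domains and the uid-to-account map are constructed.

```python
import os
import re
from collections import Counter

# Header shapes copied from the queued messages posted in this thread.
RECEIVED_RE = re.compile(r"\(qmail \d+ invoked by uid (\d+)\)")
ADDR_RE = re.compile(r"<([^>]+)>|([^\s<>\"]+@[^\s<>\"]+)")

def parse_headers(raw):
    """{name-lower: [values]} for one message's header block; folded
    continuation lines (as in DomainKey-Signature) are joined to their header."""
    headers, name = {}, None
    for line in raw.splitlines():
        if line == "":
            break                          # blank line ends the header block
        if line[0] in " \t" and name:
            headers[name][-1] += " " + line.strip()
            continue
        if ":" not in line:
            continue
        name, _, value = line.partition(":")
        name = name.strip().lower()
        headers.setdefault(name, []).append(value.strip())
    return headers

def injector_uid(headers):
    """The uid that ran qmail-inject, taken from the qmail Received header."""
    for value in headers.get("received", []):
        m = RECEIVED_RE.search(value)
        if m:
            return int(m.group(1))
    return None

def address(value):
    m = ADDR_RE.search(value)
    return (m.group(1) or m.group(2)).lower() if m else ""

def summarize(messages, uid_names=None):
    """Messages per injecting uid (named via uid_names, e.g. built from
    /etc/passwd), per claimed sender domain and per recipient domain."""
    uid_names = uid_names or {}
    by_uid, by_sender, by_rcpt = Counter(), Counter(), Counter()
    for raw in messages:
        h = parse_headers(raw)
        uid = injector_uid(h)
        by_uid[uid_names.get(uid, "uid %s" % uid)] += 1
        by_sender[address(h.get("from", [""])[0]).rpartition("@")[2]] += 1
        by_rcpt[address(h.get("to", [""])[0]).rpartition("@")[2]] += 1
    return {"by_uid": by_uid, "by_sender_domain": by_sender, "by_rcpt_domain": by_rcpt}

def read_spool(path):
    """Read every regular file in a directory such as the /tmp spool above."""
    msgs = []
    for entry in os.scandir(path):
        if entry.is_file():
            with open(entry.path, encoding="latin-1") as f:
                msgs.append(f.read())
    return msgs

# Constructed sample messages in the same shape as the ones posted above.
SAMPLES = [
    "Comment: DomainKeys? See http://domainkeys.sourceforge.net/\n"
    "DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;\n"
    "  s=private; d=site-a.example.test;\n"
    "  b=AAAA=;\n"
    "Received: (qmail 15443 invoked by uid 1020); 8 Jan 2015 09:36:42 -0000\n"
    "To: victim1@hotmail.example.test\n"
    "Subject: Re:  Hi\n"
    "From: \"Cristina Joyner\" <cristina_joyner@site-a.example.test>\n"
    "\n<div>body</div>\n",
    "Received: (qmail 17110 invoked by uid 1020); 27 Feb 2015 11:08:10 -0000\n"
    "To: victim2@co.example.test\n"
    "From: \"Nadine Harmon\" <nadine_harmon@site-a.example.test>\n"
    "\n<div>body</div>\n",
    "Received: (qmail 17200 invoked by uid 0); 27 Feb 2015 11:09:00 -0000\n"
    "To: admin@site-b.example.test\n"
    "From: root@host.example.test\n"
    "\n<div>body</div>\n",
]
```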



MRatWork (Administrator, Posts: 15,807, Karma: +119/-11)
Re: CSF Warnings
« Reply #14 on: 2015-03-02, 00:07:20 »
Looks like something is wrong with your server. The command 'cat /var/log/maillog|grep sendmail > /tmp/sendmail.txt' runs well on my server.

The result looks something like:
Code: [Select]
Feb 28 10:32:37 oln1 root: sendmail: CALLER="/opt/php54s/usr/bin/php -c /opt/php54s/custom/php54s.ini ../bin/common/backup.php --class=client --name=nandin --v-backup_file_name=kloxo-scheduled" PWD="/usr/local/lxlabs/kloxo/httpdocs" BAN="no"
Feb 28 11:14:14 oln1 root: sendmail: CALLER="php-fpm: pool devel" PWD="/home/devel/forum.mratwork.com" BAN="no"
Feb 28 12:49:17 oln1 root: sendmail: CALLER="php-fpm: pool devel" PWD="/home/devel/forum.mratwork.com" BAN="no"
Feb 28 13:01:16 oln1 root: sendmail: CALLER="php-fpm: pool devel" PWD="/home/devel/mratwork.com" BAN="no"
Feb 28 13:42:13 oln1 root: sendmail: CALLER="/opt/php54s/usr/bin/php -c /opt/php54s/custom/php54s.ini ../bin/common/backup.php --class=client --name=riginta --v-backup_file_name=kloxo-scheduled" PWD="/usr/local/lxlabs/kloxo/httpdocs" BAN="no"
Feb 28 13:42:39 oln1 root: sendmail: CALLER="/opt/php54s/usr/bin/php -c /opt/php54s/custom/php54s.ini ../bin/common/backup.php --class=client --name=spectra --v-backup_file_name=kloxo-scheduled" PWD="/usr/local/lxlabs/kloxo/httpdocs" BAN="no"
Feb 28 13:42:42 oln1 root: sendmail: CALLER="/opt/php54s/usr/bin/php -c /opt/php54s/custom/php54s.ini ../bin/common/backup.php --class=client --name=tsatir --v-backup_file_name=kloxo-scheduled" PWD="/usr/local/lxlabs/kloxo/httpdocs" BAN="no"
Feb 28 13:43:07 oln1 root: sendmail: CALLER="/opt/php54s/usr/bin/php -c /opt/php54s/custom/php54s.ini ../bin/common/backup.php --class=client --name=wulan --v-backup_file_name=kloxo-scheduled" PWD="/usr/local/lxlabs/kloxo/httpdocs" BAN="no"
Feb 28 13:47:22 oln1 root: sendmail: CALLER="/opt/php54s/usr/bin/php -c /opt/php54s/custom/php54s.ini ../bin/common/backup.php --class=client --name=lcid307b2 --v-backup_file_name=kloxo-scheduled" PWD="/usr/local/lxlabs/kloxo/httpdocs" BAN="no"
Feb 28 14:35:26 oln1 root: sendmail: CALLER="php-fpm: pool devel" PWD="/home/devel/mratwork.com" BAN="no"
Feb 28 22:25:59 oln1 root: sendmail: CALLER="php-fpm: pool devel" PWD="/home/devel/mratwork.com" BAN="no"
Mar  1 03:22:17 oln1 root: sendmail: CALLER="/sbin/init" PWD="/" BAN="no"
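The wrapper lines shown here and in reply #2 can be aggregated to answer the question this thread keeps circling: which site directory (PWD) is calling sendmail, which binary is calling it, and which uid is injecting into qmail-send. The Python below is an added example, not code from the thread or from Kloxo-MR; the log lines are constructed in the posted format and the per-directory threshold is an assumption.

```python
import re
from collections import Counter

# Line shapes copied from this thread: the Kloxo-MR sendmail wrapper's
# "root: sendmail: CALLER=... PWD=..." lines and qmail-send's "info msg" lines.
SENDMAIL_RE = re.compile(
    r' root: sendmail: CALLER="(?P<caller>[^"]*)" PWD="(?P<pwd>[^"]*)"')
INFO_RE = re.compile(
    r' send: info msg \d+: bytes \d+ from <(?P<sender>[^>]*)> qp \d+ uid (?P<uid>\d+)')

def read_maillog(path="/var/log/maillog"):
    """Return the log lines, or an empty list when the file is missing (the
    rsyslog-stopped situation reported earlier in this thread)."""
    try:
        with open(path, encoding="utf-8", errors="replace") as f:
            return f.read().splitlines()
    except FileNotFoundError:
        return []

def summarize_maillog(lines, threshold=50):
    """Count wrapper calls per PWD (the directory the caller ran from) and per
    calling binary, and qmail-send injections per uid and sender. Any PWD at
    or above threshold is listed as a suspect."""
    by_pwd, by_caller, by_uid, by_sender = Counter(), Counter(), Counter(), Counter()
    for line in lines:
        m = SENDMAIL_RE.search(line)
        if m:
            by_pwd[m.group("pwd")] += 1
            by_caller[m.group("caller").split()[0].rstrip(":")] += 1
            continue
        m = INFO_RE.search(line)
        if m:
            by_uid[int(m.group("uid"))] += 1
            by_sender[m.group("sender")] += 1
    suspects = sorted(p for p, n in by_pwd.items() if n >= threshold)
    return {"by_pwd": by_pwd, "by_caller": by_caller, "by_uid": by_uid,
            "by_sender": by_sender, "suspects": suspects}

# Constructed sample: one site directory calling the wrapper 60 times in a
# minute, a backup job and init calling it once each, and three qmail-send
# injections (two from uid 1020, one from root).
SAMPLE_LINES = [
    'Mar  1 03:22:%02d host1 root: sendmail: CALLER="php-fpm: pool site1" '
    'PWD="/home/site1/shop.example.test" BAN="no"' % (i % 60) for i in range(60)
] + [
    'Mar  1 03:30:00 host1 root: sendmail: CALLER="/opt/php54s/usr/bin/php -c '
    '/opt/php54s/custom/php54s.ini ../bin/common/backup.php --class=client" '
    'PWD="/usr/local/lxlabs/kloxo/httpdocs" BAN="no"',
    'Mar  1 03:30:01 host1 root: sendmail: CALLER="/sbin/init" PWD="/" BAN="no"',
    'Mar  1 03:22:10 host1 send: info msg 10616889: bytes 394 from '
    '<root@host1.example.test> qp 6207 uid 0',
    'Mar  1 03:22:11 host1 send: info msg 10616890: bytes 2231 from '
    '<carmen_mccray@site1.example.test> qp 6208 uid 1020',
    'Mar  1 03:22:12 host1 send: info msg 10616891: bytes 2231 from '
    '<summer_young@site1.example.test> qp 6209 uid 1020',
]

if __name__ == "__main__":
    report = summarize_maillog(SAMPLE_LINES)
    for pwd in report["suspects"]:
        print("suspect directory:", pwd, "calls:", report["by_pwd"][pwd])
    for uid, n in report["by_uid"].most_common():
        print("uid", uid, "injected", n, "messages")
```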