Need help with ISPConfig Mail and Squirrelmail

Discussion in 'Installation/Configuration' started by m.xander, Dec 24, 2011.

  1. m.xander

    m.xander New Member

    quotacheck

    Is this a happy quotacheck at this stage or not?

    it told me to use quotacheck -f to force checking...

    Code:
    root@25612-21212:~# quotacheck -favugm
    quotacheck: Your kernel probably supports journaled quota but you are not using it. Consider switching to journaled quota to avoid running quotacheck after an unclean shutdown.
    quotacheck: Scanning /dev/vzfs [/] done
    quotacheck: Checked 3811 directories and 42728 files
    quotacheck: Quota file //aquota.user has IMMUTABLE flag set. Clearing.
    quotacheck: Failed to remove IMMUTABLE flag from quota file //aquota.user: Inappropriate ioctl for device
    quotacheck: Quota file //aquota.group has IMMUTABLE flag set. Clearing.
    quotacheck: Failed to remove IMMUTABLE flag from quota file //aquota.group: Inappropriate ioctl for device
    root@25612-21212:~#
    Code:
    root@25612-21212:~# quotaon -avug
    quotaon: using //aquota.group on /dev/vzfs [/]: Device or resource busy
    quotaon: using //aquota.user on /dev/vzfs [/]: Device or resource busy
     
    Last edited: Jan 13, 2012
  2. cbj4074

    cbj4074 Member

    Yes, looks good!
     
  3. m.xander

    m.xander New Member

    17 Install Vlogger, Webalizer, And AWstats

    There's a problem with this step...

    Code:
    Setting up geoip-database (1.4.6.dfsg-17) ...
    Setting up awstats (6.9~dfsg-1ubuntu3.10.04.1) ...
    
    Setting up vlogger (1.3-3) ...
    root@25612-21212:~# cp -prf /usr/share/doc/awstats/examples/awstats_buildstaticpages.pl /usr/share/awstats/tools/awstats_buildstaticpages.pl
    cp: cannot create regular file `/usr/share/awstats/tools/awstats_buildstaticpages.pl': No such file or directory
    Is the directory supposed to be there after installing awstats... or is it because I don't have any users yet?
     
  4. cbj4074

    cbj4074 Member

    You need to create the "tools" directory.

    Code:
    # mkdir /usr/share/awstats/tools
    
    Then copy the file.
     
  5. m.xander

    m.xander New Member

    Just want to clarify

    /etc/hostname
    Code:
    25612-21212.vps.digitalpacific.com.au
    xanderit.com
    
    or remove 25612-21212.vps.digitalpacific.com.au
     
  6. cbj4074

    cbj4074 Member

    Remove 25612-21212.vps.digitalpacific.com.au.
     
  7. m.xander

    m.xander New Member

    ISPConfig is freshly installed...

    Thanks for going through all those steps guys... it was worth checking that everything during the install was correct to start with.

    ISPConfig 3.0.4.2 is installed and running, and the billing module is also installed successfully...

    The domains have been moved to the hosting company's nameservers.

    Shorltly I'll start setting up a primary domain and user, and a testclient and testdomain and email and ftp and post after I see if if's all working...

    Thanks again.
     
  8. m.xander

    m.xander New Member

    Hello...

    Well I've tested the email and it's still not working....

    [​IMG]
     
  9. cbj4074

    cbj4074 Member

    I know that we've been through this before, but can you please post a screenshot of the System -> Server Config -> example.com -> Mail tab within the ISPConfig interface?

    Also, do you mind creating a test email account for me? (You can PM me the login information.) I'm curious to see if I have the same problem.

    Frankly, I'm not sure why so many people use Courier. Dovecot seems to be a much better alternative, and I'd be able to help you more effectively if you were using Dovecot... please do consider it.
     
  10. m.xander

    m.xander New Member

    [​IMG]

    I've never used either prior to this so I've got no problem switching to Dovecot... is there a howto switch to Dovecot... I'll have a look. PM on the way...
     
  11. cbj4074

    cbj4074 Member

    I'm not sure what the best way to expunge Courier + Maildrop might be, or if leaving both installed will cause problems while installing Dovecot + Sieve, but this is my personal recipe for mail on Debian (including Ubuntu):

    Code:
    # apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d
    
    Edit /etc/postfix/master.cf and ensure that the services section of the file has the same lines as below un-commented; this enables email users to send and receive email over SSL:

    Code:
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    smtp      inet  n       -       -       -       -       smtpd
    submission inet n       -       -       -       -       smtpd
    #  -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      -o milter_macro_daemon_name=ORIGINATING
    smtps     inet  n       -       -       -       -       smtpd
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
    
    Clients who wish to use STARTTLS should use the standard ports for POP3 (110), IMAP (143), and SMTP (25). Clients who wish to use SSL/TLS should use port 995 for POP3, port 993 for IMAP, and port 465 for SMTP.

    Code:
    # /etc/init.d/postfix restart
    
    NOTE: The postfix config file can be found at /etc/postfix/main.cf and the master postfix config file can be found at /etc/postfix/master.cf. Note also that postfix may be reconfigured at any time with

    Code:
    # dpkg-reconfigure postfix
    
    (IMPORTANT: Ensure that /etc/mailname contains the correct hostname whenever postfix is reconfigured.)

    Install Amavisd-new, SpamAssassin, and Clamav:

    Code:
    # apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
    
    The following messages of interest may be included in the output:

    Code:
    Setting up clamav-daemon (0.96.3+dfsg-2ubuntu1.0.10.04.1) ...
     * Clamav signatures not found in /var/lib/clamav
     * Please retrieve them using freshclam or install the clamav-data package
     * Then run '/etc/init.d/clamav-daemon start'
    
    Code:
    SpamAssassin Mail Filter Daemon: disabled, see /etc/default/spamassassin
    
    Despite the SpamAssasin message, the configuration file at /etc/default/spamassassin may contain ENABLED=1; ensure that this is the case. Note also that the amavis configuration file may be found at /etc/amavis/conf.d/50-user and the amavis log file may be found at /var/log/amavis.log.

    ISPConfig should be reconfigured at this point. Accept all of the defaults during installation. The reconfiguration process may undo some of the above changes, so it is important to double-check the above steps after reconfiguring ISPConfig. To reconfigure:

    Code:
    # ispconfig_update.sh
    
    Don't forget to log into ISPConfig and change the Mail service settings to Dovecot + Sieve.

    Those are the basics!
     
    Last edited: Jan 20, 2012
  12. cbj4074

    cbj4074 Member

    Mail account setup and attempting to send

    See attached screenshots for reference.

    Image #1

    Thunderbird fails to detect my servers' configuration settings automatically. I always have to configure accounts manually. I'm not sure why. But configuring the account manually works as expected for my servers.

    Note that I have enabled TLS for the connection.

    Also, I have changed the default server hostnames from .xanderit.com to xanderit.com. (mail.xanderit.com should work, too, provided that your hosting provider creates those DNS records automatically [most do], or you have created them manually. Using mail.example.com is the preferred method because if it ever becomes necessary to move email services to a different server, users won't need to reconfigure their email clients.)

    Image #2

    We receive the certificate warning, as expected. This is good, and it indicates that Courier is accepting encrypted connections on port 143.

    I accept the certificate permanently.

    Image #3

    Just a close-up of the certificate. The certificate details appear to be correct.

    Image #4

    Thunderbird goes on to check my authentication credentials.

    Image #5

    Thunderbird complains that my credentials may be wrong (they should be correct, so the message is likely inaccurate).

    So, I hit "Advanced config" on the left to force Thunderbird to accept the settings as I've entered them, despite its inability to auto-configure the account.

    In the next post, I attempt to send mail...
     

    Attached Files:

    • 1.jpg
      1.jpg
      File size:
      40.5 KB
      Views:
      199
    • 2.png
      2.png
      File size:
      50.6 KB
      Views:
      200
    • 3.jpg
      3.jpg
      File size:
      38.8 KB
      Views:
      200
    • 4.jpg
      4.jpg
      File size:
      39.4 KB
      Views:
      194
    • 5.jpg
      5.jpg
      File size:
      44.1 KB
      Views:
      196
    Last edited: Jan 20, 2012
  13. m.xander

    m.xander New Member

    Code:
    root@25612-21212:/etc/bind# apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d
    Reading package lists... Done
    Building dependency tree       
    Reading state information... Done
    postfix is already the newest version.
    postfix-mysql is already the newest version.
    postfix-doc is already the newest version.
    mysql-client is already the newest version.
    mysql-server is already the newest version.
    libsasl2-2 is already the newest version.
    libsasl2-modules is already the newest version.
    libsasl2-modules-sql is already the newest version.
    sasl2-bin is already the newest version.
    libpam-mysql is already the newest version.
    openssl is already the newest version.
    getmail4 is already the newest version.
    rkhunter is already the newest version.
    binutils is already the newest version.
    The following packages were automatically installed and are no longer required:
      ispell courier-ssl courier-base courier-authlib-userdb iamerican
    Use 'apt-get autoremove' to remove them.
    The following extra packages will be installed:
      dovecot-common
    Suggested packages:
      ufw
    The following packages will be REMOVED:
      courier-imap courier-imap-ssl courier-pop courier-pop-ssl
    The following NEW packages will be installed:
      dovecot-common dovecot-imapd dovecot-pop3d
    0 upgraded, 3 newly installed, 4 to remove and 6 not upgraded.
    Need to get 7446kB of archives.
    After this operation, 12.2MB of additional disk space will be used.
    
    ...

    Code:
    adduser: Warning: The home directory `/usr/lib/dovecot' does not belong to the user you are currently creating.
    Creating generic self-signed certificate:  /etc/ssl/certs/dovecot.pem
    (replace with hand-crafted or authorized one if needed).
    ...

    Code:
     * Restarting IMAP/POP3 mail server dovecot                                     If you have trouble with authentication failures,
    enable auth_debug setting. See http://wiki.dovecot.org/WhyDoesItNotWork
    This message goes away after the first successful login.
    
    /etc/mailname
    Code:
    xanderit.com
    /etc/postfix/main.cf
    Code:
    myhostname = 25612-21212.vps.digitalpacific.com.au
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    mydestination = localhost, localhost.localdomain
    
    ...

    Code:
    apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
    Reading package lists... Done
    Building dependency tree       
    Reading state information... Done
    amavisd-new is already the newest version.
    spamassassin is already the newest version.
    clamav is already the newest version.
    clamav-daemon is already the newest version.
    zoo is already the newest version.
    unzip is already the newest version.
    bzip2 is already the newest version.
    arj is already the newest version.
    nomarch is already the newest version.
    lzop is already the newest version.
    cabextract is already the newest version.
    apt-listchanges is already the newest version.
    libnet-ldap-perl is already the newest version.
    libauthen-sasl-perl is already the newest version.
    clamav-docs is already the newest version.
    daemon is already the newest version.
    libio-string-perl is already the newest version.
    libio-socket-ssl-perl is already the newest version.
    libnet-ident-perl is already the newest version.
    zip is already the newest version.
    libnet-dns-perl is already the newest version.
    The following packages were automatically installed and are no longer required:
      ispell courier-ssl courier-base courier-authlib-userdb iamerican
    Use 'apt-get autoremove' to remove them.
    0 upgraded, 0 newly installed, 0 to remove and 6 not upgraded.
    /etc/default/spamassassin
    Code:
    # Change to one to enable spamd
    ENABLED=1
    
    and then in ISPConfig I changed from Courier to Dovecot - and Maildrop to Sieve
    [​IMG]

    Do I have to re create the mailboxes previously created now that Courier is out and Dovecot is in..?
     
    Last edited: Jan 20, 2012
  14. cbj4074

    cbj4074 Member

    Image #1

    When I attempt to send mail via the SMTP server at xanderit.com, I see this message.

    There's a bug in Thunderbird that causes the SSL certificate dialog to be "lost in the shuffle", and this message is often the result of an SSL warning dialog that has not been accepted. I have filed a report regarding this bug: https://bugzilla.mozilla.org/show_bug.cgi?id=714706

    Image #2

    This is the dialog that was "hiding" behind the compose message window. I confirm the security exception for the SMTP server (we already confirmed the warning for the IMAP server).

    And... drumroll... I receive the test message at the destination account (which is at a domain that I control).

    Image #3

    However, the compose message window gets "stuck" on "Copying message to Sent folder". The dialog has been up for 20 minutes. I have no idea why that might be. Are the permissions on the mail directories correct?

    What's the output of

    Code:
    # ls -lah /var/vmail
    
    I notice also that none of the default IMAP folders exist (Sent, Drafts, Trash, etc.).
     

    Attached Files:

    • 6.png
      6.png
      File size:
      37.7 KB
      Views:
      185
    • 7.png
      7.png
      File size:
      56.3 KB
      Views:
      176
    • 9.jpg
      9.jpg
      File size:
      38.6 KB
      Views:
      179
    Last edited: Jan 20, 2012
  15. cbj4074

    cbj4074 Member

    When I replied to the test message that I sent to my own account from xanderit.com, the mail was accepted for delivery.

    Then, when I went to check my inbox on xanderit.com, the Thunderbird status bar showed:

    Checking mail server capabilities...

    Sending login information...

    and then

    Image #1

    Authentication failure. There should be a corresponding entry in /var/log/auth.log around 10:38 PM (EST).

    I re-enter the same password (which we will assume to be correct) and again I receive the dialog.

    Is this due to switching from Courier to Dovecot? Hmm, it shouldn't be, because I should still have a virtual mailbox in the ISPConfig's MySQL database.

    Image #2

    When I tried to check mail immediately after configuring the account, before my first post in this little mini-series, I received the pop-up error at the bottom of the Thunderbird interface.

    Anyway, I'm receiving an authentication failure now (pictured in image #1), which actually seems like a step in the right direction. (I no longer see the pop-up message in image #2.) I'll await a response before performing further tests.
     

    Attached Files:

    • 1.png
      1.png
      File size:
      19.1 KB
      Views:
      179
    • 2.jpg
      2.jpg
      File size:
      9 KB
      Views:
      186
    Last edited: Jan 20, 2012
  16. cbj4074

    cbj4074 Member

    Curiously, I am still able to send mail, which means that my credentials are good. But I still receive the never-ending progress bar when Thunderbird attempts to copy the message to Sent (the folder seems not to exist).

    Are you sure that you didn't check the "Disable IMAP" box on the mailbox configuration screen?

    Also, whenever login fails during IMAP inbox check, Thunderbird's Error Console fills-up with this message:

    Error: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIMsgFolder.getStringProperty]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: chrome://messenger/content/folderPane.js :: getSmartFolderName :: line 2471" data: no]
    Source File: chrome://messenger/content/folderPane.js
    Line: 2473

    Not sure what that may mean, but it's probably related to the root issue.
     
    Last edited: Jan 20, 2012
  17. m.xander

    m.xander New Member

    [​IMG]

    ls -lah /var/vmail
    total 24K
    drwxr-xr-x 5 root root 4.0K Jan 15 15:20 .
    drwxr-xr-x 17 root root 4.0K Jan 15 00:30 ..
    -rw------- 1 vmail vmail 1.5K Jan 14 11:46 .mailfilter
    drwxr-xr-x 4 root root 4.0K Jan 15 15:20 mailfilters
    drwx------ 3 root root 4.0K Jan 14 17:55 urbancampsite.com
    drwx------ 5 root root 4.0K Jan 20 12:46 xanderit.com

    "Curiously, I am still able to send mail, which means that my credentials are good. But I still receive infinite progress bar when Thunderbird attempts to copy the message to Sent (the folder seems not to exist)."
    -This is similar to what evolution is doing

    "Are you sure that you didn't check the "Disable IMAP" box on the mailbox configuration screen?"
    -not checked
     
  18. cbj4074

    cbj4074 Member

    Okay a couple of things.

    1.) I tried configuring the mail account as POP instead of IMAP. I still receive an authentication failure, although the dialog is slightly different (see image #1).

    2.) The permissions on the vmail directories are incorrect. That would definitely cause the issue with the Sent folder.

    They should look like this:

    Code:
    # ls -lah /var/vmail
    total 48K
    drwxr-xr-x  7 vmail vmail 4.0K Oct 22 11:56 .
    drwxr-xr-x 18 root  root  4.0K Oct 23 11:03 ..
    -rw-r--r--  1 vmail vmail  220 Apr 18  2010 .bash_logout
    -rw-r--r--  1 vmail vmail 3.1K Apr 18  2010 .bashrc
    -rw-------  1 vmail vmail 1.4K Jan  2 19:23 .mailfilter
    -rw-r--r--  1 root  root  1.4K Jan  2 19:23 .mailfilter~
    -rw-r--r--  1 vmail vmail  675 Apr 18  2010 .profile
    drwxr-xr-x 12 vmail vmail 4.0K Nov 23  2010 example.com
    drwxr-xr-x  2 root  root  4.0K Nov  9  2010 mailfilters
    drwxr-xr-x  8 vmail vmail 4.0K Apr  3  2011 example2.com
    
    Try changing the permissions on those directories to match my example above, e.g.:

    Code:
    # chown -R vmail:vmail /var/vmail/xanderit.com
    # chmod -R 755 /var/vmail/xanderit.com
    
    and any other changes that may be necessary.

    Concerning the warning that you received while installing Dovecot:

    This seems expected because the "root" user should own /usr/lib/dovecot (and clearly, Dovecot setup was not creating a user named "root").

    Glad you posted the DNS records. Those shouldn't be there. From what I understand, and based on previous posts in this thread, you pointed your domain's nameservers back to the hosting provider's servers (ns1 and ns2.digitalpacific.com.au). If that is the case, then there is no point in making the same entries within ISPConfig and Bind.

    As I said earlier, I don't use Bind or ISPConfig's interface for it, so I don't know if the presence of those records could be interfering in any way, but I would delete them. (The DNS records look correct, if you were to be running your own nameservers, by the way.)

    You didn't say whether you found anything relevant in /var/log/auth.log around 10:38PM Eastern...
     

    Attached Files:

    • 1.png
      1.png
      File size:
      27.1 KB
      Views:
      186
    Last edited: Jan 20, 2012
  19. m.xander

    m.xander New Member

    I removed the NS entries from ISPConfig...

    Code:
    # chown -R vmail:vmail /var/vmail/xanderit.com
    # chmod -R 755 /var/vmail/xanderit.com
    Code:
    ls -lah /var/vmail
    total 24K
    drwxr-xr-x  5 root  root  4.0K Jan 15 15:20 .
    drwxr-xr-x 17 root  root  4.0K Jan 15 00:30 ..
    -rw-------  1 vmail vmail 1.5K Jan 14 11:46 .mailfilter
    drwxr-xr-x  4 root  root  4.0K Jan 15 15:20 mailfilters
    drwxr-xr-x  3 vmail vmail 4.0K Jan 14 17:55 urbancampsite.com
    drwxr-xr-x  5 vmail vmail 4.0K Jan 20 12:46 xanderit.com
     
  20. m.xander

    m.xander New Member

    from /var/log/auth.log

    Code:
    Jan 20 12:18:33 25612-21212 sshd[3706]: reverse mapping checking getaddrinfo for acupfulloftea1a.com [174.139.64.2] failed - POSSIBLE BREAK-IN ATTEMPT!
    Jan 20 12:18:33 25612-21212 sshd[3706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.139.64.2  user=bin
    Jan 20 12:18:36 25612-21212 sshd[3706]: Failed password for bin from 174.139.64.2 port 44057 ssh2
    Jan 20 12:18:37 25612-21212 sshd[3708]: reverse mapping checking getaddrinfo for acupfulloftea1a.com [174.139.64.2] failed - POSSIBLE BREAK-IN ATTEMPT!
    Jan 20 12:18:37 25612-21212 sshd[3708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.139.64.2  user=root
    Jan 20 12:18:39 25612-21212 sshd[3708]: Failed password for root from 174.139.64.2 port 45105 ssh2
    Jan 20 12:18:41 25612-21212 sshd[3712]: reverse mapping checking getaddrinfo for acupfulloftea1a.com [174.139.64.2] failed - POSSIBLE BREAK-IN ATTEMPT!
    Jan 20 12:18:41 25612-21212 sshd[3712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.139.64.2  user=root
    Jan 20 12:18:43 25612-21212 sshd[3712]: Failed password for root from 174.139.64.2 port 46102 ssh2
    Jan 20 12:18:44 25612-21212 sshd[3714]: reverse mapping checking getaddrinfo for acupfulloftea1a.com [174.139.64.2] failed - POSSIBLE BREAK-IN ATTEMPT!
    Jan 20 12:18:44 25612-21212 sshd[3714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.139.64.2  user=root
    Jan 20 12:18:47 25612-21212 sshd[3714]: Failed password for root from 174.139.64.2 port 47107 ssh2
    Jan 20 12:18:48 25612-21212 sshd[3716]: reverse mapping checking getaddrinfo for acupfulloftea1a.com [174.139.64.2] failed - POSSIBLE BREAK-IN ATTEMPT!
    Jan 20 12:18:48 25612-21212 sshd[3716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.139.64.2  user=root
    Jan 20 12:18:50 25612-21212 sshd[3716]: Failed password for root from 174.139.64.2 port 48202 ssh2
    Jan 20 12:18:52 25612-21212 sshd[3718]: reverse mapping checking getaddrinfo for acupfulloftea1a.com [174.139.64.2] failed - POSSIBLE BREAK-IN ATTEMPT!
    Jan 20 12:18:52 25612-21212 sshd[3718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.139.64.2  user=root
    Jan 20 12:18:53 25612-21212 sshd[3718]: Failed password for root from 174.139.64.2 port 49200 ssh2
    Jan 20 12:19:01 25612-21212 CRON[3728]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:19:01 25612-21212 CRON[3728]: pam_unix(cron:session): session closed for user root
    Jan 20 12:20:01 25612-21212 CRON[3752]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
    Jan 20 12:20:01 25612-21212 CRON[3754]: pam_unix(cron:session): session opened for user www-data by (uid=0)
    Jan 20 12:20:01 25612-21212 CRON[3757]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:20:01 25612-21212 CRON[3756]: pam_unix(cron:session): session opened for user getmail by (uid=0)
    Jan 20 12:20:01 25612-21212 CRON[3754]: pam_unix(cron:session): session closed for user www-data
    Jan 20 12:20:01 25612-21212 CRON[3756]: pam_unix(cron:session): session closed for user getmail
    Jan 20 12:20:01 25612-21212 CRON[3752]: pam_unix(cron:session): session closed for user smmsp
    Jan 20 12:20:01 25612-21212 postfix/smtpd[3803]: sql auxprop plugin using mysql engine 
    Jan 20 12:20:02 25612-21212 CRON[3757]: pam_unix(cron:session): session closed for user root
    Jan 20 12:20:02 25612-21212 postfix/smtpd[3830]: sql auxprop plugin using mysql engine 
    Jan 20 12:21:01 25612-21212 CRON[3840]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:21:01 25612-21212 CRON[3840]: pam_unix(cron:session): session closed for user root
    Jan 20 12:22:01 25612-21212 CRON[3846]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:22:01 25612-21212 CRON[3846]: pam_unix(cron:session): session closed for user root
    Jan 20 12:23:01 25612-21212 CRON[3852]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:23:01 25612-21212 CRON[3852]: pam_unix(cron:session): session closed for user root
    Jan 20 12:24:01 25612-21212 CRON[3858]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:24:01 25612-21212 CRON[3858]: pam_unix(cron:session): session closed for user root
    Jan 20 12:25:01 25612-21212 CRON[3882]: pam_unix(cron:session): session opened for user getmail by (uid=0)
    Jan 20 12:25:01 25612-21212 CRON[3883]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:25:01 25612-21212 CRON[3882]: pam_unix(cron:session): session closed for user getmail
    Jan 20 12:25:01 25612-21212 postfix/smtpd[3906]: sql auxprop plugin using mysql engine 
    Jan 20 12:25:01 25612-21212 CRON[3883]: pam_unix(cron:session): session closed for user root
    Jan 20 12:26:01 25612-21212 CRON[3987]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:26:01 25612-21212 CRON[3987]: pam_unix(cron:session): session closed for user root
    Jan 20 12:27:01 25612-21212 CRON[3993]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:27:01 25612-21212 CRON[3993]: pam_unix(cron:session): session closed for user root
    Jan 20 12:28:01 25612-21212 CRON[3999]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:28:01 25612-21212 CRON[3999]: pam_unix(cron:session): session closed for user root
    Jan 20 12:29:01 25612-21212 CRON[4011]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:29:01 25612-21212 CRON[4011]: pam_unix(cron:session): session closed for user root
    Jan 20 12:30:01 25612-21212 CRON[4035]: pam_unix(cron:session): session opened for user www-data by (uid=0)
    Jan 20 12:30:01 25612-21212 CRON[4037]: pam_unix(cron:session): session opened for user getmail by (uid=0)
    Jan 20 12:30:01 25612-21212 CRON[4039]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:30:01 25612-21212 CRON[4035]: pam_unix(cron:session): session closed for user www-data
    Jan 20 12:30:01 25612-21212 CRON[4037]: pam_unix(cron:session): session closed for user getmail
    Jan 20 12:30:01 25612-21212 postfix/smtpd[4064]: sql auxprop plugin using mysql engine 
    Jan 20 12:30:02 25612-21212 CRON[4039]: pam_unix(cron:session): session closed for user root
    Jan 20 12:31:01 25612-21212 CRON[4091]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:31:01 25612-21212 CRON[4091]: pam_unix(cron:session): session closed for user root
    Jan 20 12:32:01 25612-21212 CRON[5129]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:32:01 25612-21212 CRON[5129]: pam_unix(cron:session): session closed for user root
    Jan 20 12:33:01 25612-21212 CRON[5134]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:33:01 25612-21212 CRON[5134]: pam_unix(cron:session): session closed for user root
    Jan 20 12:34:01 25612-21212 CRON[5140]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:34:01 25612-21212 CRON[5140]: pam_unix(cron:session): session closed for user root
    Jan 20 12:35:01 25612-21212 CRON[5164]: pam_unix(cron:session): session opened for user getmail by (uid=0)
    Jan 20 12:35:01 25612-21212 CRON[5166]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:35:01 25612-21212 CRON[5164]: pam_unix(cron:session): session closed for user getmail
    Jan 20 12:35:01 25612-21212 postfix/smtpd[5188]: sql auxprop plugin using mysql engine 
    Jan 20 12:35:01 25612-21212 CRON[5166]: pam_unix(cron:session): session closed for user root
    Jan 20 12:36:01 25612-21212 CRON[5271]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:36:01 25612-21212 CRON[5271]: pam_unix(cron:session): session closed for user root
    Jan 20 12:37:01 25612-21212 CRON[5277]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:37:02 25612-21212 CRON[5277]: pam_unix(cron:session): session closed for user root
    Jan 20 12:38:01 25612-21212 CRON[5283]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:38:01 25612-21212 CRON[5283]: pam_unix(cron:session): session closed for user root
    Jan 20 12:39:01 25612-21212 CRON[5289]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:39:01 25612-21212 CRON[5291]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:39:01 25612-21212 CRON[5291]: pam_unix(cron:session): session closed for user root
    Jan 20 12:39:01 25612-21212 CRON[5289]: pam_unix(cron:session): session closed for user root
    Jan 20 12:40:01 25612-21212 CRON[5318]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
    Jan 20 12:40:01 25612-21212 CRON[5322]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:40:01 25612-21212 CRON[5320]: pam_unix(cron:session): session opened for user www-data by (uid=0)
    Jan 20 12:40:01 25612-21212 CRON[5321]: pam_unix(cron:session): session opened for user getmail by (uid=0)
    Jan 20 12:40:01 25612-21212 CRON[5320]: pam_unix(cron:session): session closed for user www-data
    Jan 20 12:40:01 25612-21212 CRON[5321]: pam_unix(cron:session): session closed for user getmail
    Jan 20 12:40:01 25612-21212 postfix/smtpd[5372]: sql auxprop plugin using mysql engine 
    Jan 20 12:40:01 25612-21212 CRON[5318]: pam_unix(cron:session): session closed for user smmsp
    Jan 20 12:40:01 25612-21212 CRON[5322]: pam_unix(cron:session): session closed for user root
    Jan 20 12:40:01 25612-21212 postfix/smtpd[5401]: sql auxprop plugin using mysql engine 
    Jan 20 12:41:01 25612-21212 CRON[5408]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:41:01 25612-21212 CRON[5408]: pam_unix(cron:session): session closed for user root
    Jan 20 12:42:01 25612-21212 CRON[5414]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:42:01 25612-21212 CRON[5414]: pam_unix(cron:session): session closed for user root
    Jan 20 12:43:01 25612-21212 CRON[5420]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:43:01 25612-21212 CRON[5420]: pam_unix(cron:session): session closed for user root
    Jan 20 12:44:01 25612-21212 CRON[5426]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:44:01 25612-21212 CRON[5426]: pam_unix(cron:session): session closed for user root
    Jan 20 12:45:01 25612-21212 CRON[5432]: pam_unix(cron:session): session opened for user getmail by (uid=0)
    Jan 20 12:45:01 25612-21212 CRON[5433]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:45:01 25612-21212 CRON[5432]: pam_unix(cron:session): session closed for user getmail
    Jan 20 12:45:01 25612-21212 postfix/smtpd[5459]: sql auxprop plugin using mysql engine 
    Jan 20 12:45:01 25612-21212 CRON[5433]: pam_unix(cron:session): session closed for user root
    Jan 20 12:46:01 25612-21212 CRON[5562]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:46:01 25612-21212 su[5568]: Successful su for vmail by root
    Jan 20 12:46:01 25612-21212 su[5568]: + ??? root:vmail
    Jan 20 12:46:01 25612-21212 su[5568]: pam_env(su:session): Unable to open env file: /etc/default/locale: No such file or directory
    Jan 20 12:46:01 25612-21212 su[5568]: pam_unix(su:session): session opened for user vmail by (uid=0)
    Jan 20 12:46:01 25612-21212 su[5568]: pam_unix(su:session): session closed for user vmail
    Jan 20 12:46:01 25612-21212 CRON[5562]: pam_unix(cron:session): session closed for user root
    Jan 20 12:47:01 25612-21212 CRON[5592]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:47:02 25612-21212 CRON[5592]: pam_unix(cron:session): session closed for user root
    Jan 20 12:48:01 25612-21212 CRON[5597]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:48:01 25612-21212 CRON[5597]: pam_unix(cron:session): session closed for user root
    Jan 20 12:49:01 25612-21212 CRON[5603]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:49:01 25612-21212 CRON[5603]: pam_unix(cron:session): session closed for user root
    Jan 20 12:50:01 25612-21212 CRON[5609]: pam_unix(cron:session): session opened for user www-data by (uid=0)
    Jan 20 12:50:01 25612-21212 CRON[5610]: pam_unix(cron:session): session opened for user getmail by (uid=0)
    Jan 20 12:50:01 25612-21212 CRON[5609]: pam_unix(cron:session): session closed for user www-data
    Jan 20 12:50:01 25612-21212 CRON[5613]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:50:01 25612-21212 CRON[5610]: pam_unix(cron:session): session closed for user getmail
    Jan 20 12:50:01 25612-21212 postfix/smtpd[5636]: sql auxprop plugin using mysql engine 
    Jan 20 12:50:01 25612-21212 CRON[5613]: pam_unix(cron:session): session closed for user root
    Jan 20 12:51:01 25612-21212 CRON[5680]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:51:01 25612-21212 CRON[5680]: pam_unix(cron:session): session closed for user root
    Jan 20 12:52:01 25612-21212 CRON[5687]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:52:01 25612-21212 CRON[5687]: pam_unix(cron:session): session closed for user root
    Jan 20 12:53:01 25612-21212 CRON[5693]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:53:01 25612-21212 CRON[5693]: pam_unix(cron:session): session closed for user root
    Jan 20 12:54:01 25612-21212 CRON[5699]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:54:01 25612-21212 CRON[5699]: pam_unix(cron:session): session closed for user root
    Jan 20 12:55:01 25612-21212 CRON[5704]: pam_unix(cron:session): session opened for user getmail by (uid=0)
    Jan 20 12:55:01 25612-21212 CRON[5706]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:55:01 25612-21212 CRON[5704]: pam_unix(cron:session): session closed for user getmail
    Jan 20 12:55:01 25612-21212 postfix/smtpd[5728]: sql auxprop plugin using mysql engine 
    Jan 20 12:55:01 25612-21212 CRON[5706]: pam_unix(cron:session): session closed for user root
    Jan 20 12:56:01 25612-21212 CRON[5832]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:56:01 25612-21212 CRON[5832]: pam_unix(cron:session): session closed for user root
    Jan 20 12:57:01 25612-21212 CRON[5838]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:57:01 25612-21212 CRON[5840]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:57:01 25612-21212 CRON[5838]: pam_unix(cron:session): session closed for user root
    Jan 20 12:57:01 25612-21212 CRON[5840]: pam_unix(cron:session): session closed for user root
    Jan 20 12:58:01 25612-21212 CRON[5847]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:58:01 25612-21212 CRON[5847]: pam_unix(cron:session): session closed for user root
    Jan 20 12:59:01 25612-21212 CRON[5853]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 12:59:01 25612-21212 CRON[5853]: pam_unix(cron:session): session closed for user root
    Jan 20 13:00:01 25612-21212 CRON[5859]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
    Jan 20 13:00:01 25612-21212 CRON[5861]: pam_unix(cron:session): session opened for user www-data by (uid=0)
    Jan 20 13:00:01 25612-21212 CRON[5863]: pam_unix(cron:session): session opened for user getmail by (uid=0)
    Jan 20 13:00:01 25612-21212 CRON[5864]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:00:01 25612-21212 CRON[5861]: pam_unix(cron:session): session closed for user www-data
    Jan 20 13:00:01 25612-21212 CRON[5863]: pam_unix(cron:session): session closed for user getmail
    Jan 20 13:00:02 25612-21212 postfix/smtpd[5910]: sql auxprop plugin using mysql engine 
    Jan 20 13:00:02 25612-21212 CRON[5859]: pam_unix(cron:session): session closed for user smmsp
    Jan 20 13:00:06 25612-21212 postfix/smtpd[5940]: sql auxprop plugin using mysql engine 
    Jan 20 13:00:08 25612-21212 CRON[5864]: pam_unix(cron:session): session closed for user root
    Jan 20 13:01:01 25612-21212 CRON[5978]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:01:01 25612-21212 CRON[5978]: pam_unix(cron:session): session closed for user root
    Jan 20 13:02:01 25612-21212 CRON[5983]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:02:01 25612-21212 CRON[5983]: pam_unix(cron:session): session closed for user root
    Jan 20 13:03:01 25612-21212 CRON[5989]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:03:01 25612-21212 CRON[5989]: pam_unix(cron:session): session closed for user root
    Jan 20 13:04:01 25612-21212 CRON[5995]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:04:01 25612-21212 CRON[5995]: pam_unix(cron:session): session closed for user root
    Jan 20 13:05:01 25612-21212 CRON[6001]: pam_unix(cron:session): session opened for user getmail by (uid=0)
    Jan 20 13:05:01 25612-21212 CRON[6003]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:05:01 25612-21212 CRON[6001]: pam_unix(cron:session): session closed for user getmail
    Jan 20 13:05:01 25612-21212 postfix/smtpd[6025]: sql auxprop plugin using mysql engine 
    Jan 20 13:05:02 25612-21212 CRON[6003]: pam_unix(cron:session): session closed for user root
    Jan 20 13:06:01 25612-21212 CRON[6127]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:06:01 25612-21212 CRON[6127]: pam_unix(cron:session): session closed for user root
    Jan 20 13:07:01 25612-21212 CRON[6133]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:07:01 25612-21212 CRON[6133]: pam_unix(cron:session): session closed for user root
    Jan 20 13:08:01 25612-21212 CRON[6138]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:08:01 25612-21212 CRON[6138]: pam_unix(cron:session): session closed for user root
    Jan 20 13:09:01 25612-21212 CRON[7169]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:09:01 25612-21212 CRON[7168]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:09:01 25612-21212 CRON[7168]: pam_unix(cron:session): session closed for user root
    Jan 20 13:09:01 25612-21212 CRON[7169]: pam_unix(cron:session): session closed for user root
    Jan 20 13:09:33 25612-21212 postfix/smtpd[7232]: sql auxprop plugin using mysql engine 
    Jan 20 13:09:33 25612-21212 postfix/smtpd[7234]: sql auxprop plugin using mysql engine 
    Jan 20 13:09:33 25612-21212 postfix/smtpd[7235]: sql auxprop plugin using mysql engine 
    Jan 20 13:09:33 25612-21212 postfix/smtpd[7236]: sql auxprop plugin using mysql engine 
    Jan 20 13:10:01 25612-21212 CRON[7238]: pam_unix(cron:session): session opened for user www-data by (uid=0)
    Jan 20 13:10:01 25612-21212 CRON[7239]: pam_unix(cron:session): session opened for user getmail by (uid=0)
    Jan 20 13:10:01 25612-21212 CRON[7238]: pam_unix(cron:session): session closed for user www-data
    Jan 20 13:10:01 25612-21212 CRON[7243]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:10:01 25612-21212 CRON[7239]: pam_unix(cron:session): session closed for user getmail
    Jan 20 13:10:01 25612-21212 CRON[7243]: pam_unix(cron:session): session closed for user root
    Jan 20 13:11:01 25612-21212 CRON[7308]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:11:01 25612-21212 CRON[7308]: pam_unix(cron:session): session closed for user root
    Jan 20 13:11:46 25612-21212 sshd[7319]: Did not receive identification string from 202.47.160.12
    Jan 20 13:12:01 25612-21212 CRON[7332]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:12:01 25612-21212 CRON[7332]: pam_unix(cron:session): session closed for user root
    Jan 20 13:13:01 25612-21212 CRON[7350]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:13:01 25612-21212 CRON[7350]: pam_unix(cron:session): session closed for user root
    Jan 20 13:14:01 25612-21212 CRON[7356]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:14:01 25612-21212 CRON[7356]: pam_unix(cron:session): session closed for user root
    Jan 20 13:15:01 25612-21212 CRON[7363]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:15:01 25612-21212 CRON[7362]: pam_unix(cron:session): session opened for user getmail by (uid=0)
    Jan 20 13:15:01 25612-21212 CRON[7362]: pam_unix(cron:session): session closed for user getmail
    Jan 20 13:15:01 25612-21212 postfix/smtpd[7390]: sql auxprop plugin using mysql engine 
    Jan 20 13:15:01 25612-21212 CRON[7363]: pam_unix(cron:session): session closed for user root
    Jan 20 13:16:01 25612-21212 CRON[7491]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:16:01 25612-21212 CRON[7491]: pam_unix(cron:session): session closed for user root
    Jan 20 13:17:01 25612-21212 CRON[7500]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:17:01 25612-21212 CRON[7500]: pam_unix(cron:session): session closed for user root
    Jan 20 13:18:01 25612-21212 CRON[7506]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:18:02 25612-21212 CRON[7506]: pam_unix(cron:session): session closed for user root
    Jan 20 13:19:01 25612-21212 CRON[7524]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:19:01 25612-21212 CRON[7524]: pam_unix(cron:session): session closed for user root
    Jan 20 13:19:56 25612-21212 postfix/smtpd[7530]: sql auxprop plugin using mysql engine 
    Jan 20 13:19:58 25612-21212 postfix/smtpd[7533]: sql auxprop plugin using mysql engine 
    Jan 20 13:20:01 25612-21212 CRON[7534]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
    Jan 20 13:20:01 25612-21212 CRON[7536]: pam_unix(cron:session): session opened for user www-data by (uid=0)
    Jan 20 13:20:01 25612-21212 CRON[7536]: pam_unix(cron:session): session closed for user www-data
    Jan 20 13:20:01 25612-21212 CRON[7537]: pam_unix(cron:session): session opened for user getmail by (uid=0)
    Jan 20 13:20:01 25612-21212 CRON[7539]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:20:01 25612-21212 CRON[7537]: pam_unix(cron:session): session closed for user getmail
    Jan 20 13:20:01 25612-21212 CRON[7534]: pam_unix(cron:session): session closed for user smmsp
    Jan 20 13:20:01 25612-21212 CRON[7539]: pam_unix(cron:session): session closed for user root
    Jan 20 13:20:01 25612-21212 postfix/smtpd[7610]: sql auxprop plugin using mysql engine 
    Jan 20 13:21:01 25612-21212 CRON[7634]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:21:01 25612-21212 CRON[7634]: pam_unix(cron:session): session closed for user root
    Jan 20 13:22:01 25612-21212 CRON[7670]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:22:01 25612-21212 CRON[7670]: pam_unix(cron:session): session closed for user root
    Jan 20 13:23:01 25612-21212 CRON[7687]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:23:01 25612-21212 CRON[7687]: pam_unix(cron:session): session closed for user root
    Jan 20 13:24:01 25612-21212 CRON[7695]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:24:01 25612-21212 CRON[7695]: pam_unix(cron:session): session closed for user root
    Jan 20 13:25:01 25612-21212 CRON[7701]: pam_unix(cron:session): session opened for user getmail by (uid=0)
    Jan 20 13:25:01 25612-21212 CRON[7703]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:25:01 25612-21212 CRON[7701]: pam_unix(cron:session): session closed for user getmail
    Jan 20 13:25:01 25612-21212 postfix/smtpd[7725]: sql auxprop plugin using mysql engine 
    Jan 20 13:25:01 25612-21212 CRON[7703]: pam_unix(cron:session): session closed for user root
    Jan 20 13:26:01 25612-21212 CRON[7810]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:26:01 25612-21212 CRON[7810]: pam_unix(cron:session): session closed for user root
    Jan 20 13:26:07 25612-21212 sshd[7815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.47.160.12  user=root
    Jan 20 13:26:08 25612-21212 sshd[7815]: Failed password for root from 202.47.160.12 port 46892 ssh2
    Jan 20 13:26:12 25612-21212 sshd[7817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.47.160.12  user=root
    Jan 20 13:26:14 25612-21212 sshd[7817]: Failed password for root from 202.47.160.12 port 46983 ssh2
    Jan 20 13:26:16 25612-21212 sshd[7820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.47.160.12  user=root
    Jan 20 13:26:18 25612-21212 sshd[7820]: Failed password for root from 202.47.160.12 port 47092 ssh2
    Jan 20 13:26:20 25612-21212 sshd[7822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.47.160.12  user=root
    Jan 20 13:26:22 25612-21212 sshd[7822]: Failed password for root from 202.47.160.12 port 47190 ssh2
    Jan 20 13:26:25 25612-21212 sshd[7857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.47.160.12  user=root
    Jan 20 13:26:26 25612-21212 sshd[7857]: Failed password for root from 202.47.160.12 port 47283 ssh2
    Jan 20 13:26:29 25612-21212 sshd[7987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.47.160.12  user=root
    Jan 20 13:26:31 25612-21212 groupadd[9365]: group added to /etc/group: name=dovecot, GID=120
    Jan 20 13:26:31 25612-21212 groupadd[9365]: group added to /etc/gshadow: name=dovecot
    Jan 20 13:26:31 25612-21212 groupadd[9365]: new group: name=dovecot, GID=120
    Jan 20 13:26:31 25612-21212 useradd[9369]: new user: name=dovecot, UID=115, GID=120, home=/usr/lib/dovecot, shell=/bin/false
    Jan 20 13:26:31 25612-21212 usermod[9374]: change user 'dovecot' password
    Jan 20 13:26:31 25612-21212 chage[9379]: changed password expiry for dovecot
    Jan 20 13:26:31 25612-21212 sshd[7987]: Failed password for root from 202.47.160.12 port 47378 ssh2
    Jan 20 13:26:31 25612-21212 chfn[9382]: changed user 'dovecot' information
    Jan 20 13:27:01 25612-21212 CRON[9577]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:27:01 25612-21212 CRON[9577]: pam_unix(cron:session): session closed for user root
    Jan 20 13:28:01 25612-21212 CRON[9583]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:28:01 25612-21212 CRON[9583]: pam_unix(cron:session): session closed for user root
    Jan 20 13:29:01 25612-21212 CRON[9589]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:29:01 25612-21212 CRON[9589]: pam_unix(cron:session): session closed for user root
    Jan 20 13:30:01 25612-21212 CRON[9594]: pam_unix(cron:session): session opened for user www-data by (uid=0)
    Jan 20 13:30:01 25612-21212 CRON[9596]: pam_unix(cron:session): session opened for user getmail by (uid=0)
    Jan 20 13:30:01 25612-21212 CRON[9598]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:30:01 25612-21212 CRON[9594]: pam_unix(cron:session): session closed for user www-data
    Jan 20 13:30:01 25612-21212 CRON[9596]: pam_unix(cron:session): session closed for user getmail
    Jan 20 13:30:02 25612-21212 postfix/smtpd[9624]: sql auxprop plugin using mysql engine 
    Jan 20 13:30:02 25612-21212 CRON[9598]: pam_unix(cron:session): session closed for user root
    Jan 20 13:31:01 25612-21212 CRON[9651]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:31:01 25612-21212 CRON[9651]: pam_unix(cron:session): session closed for user root
    Jan 20 13:32:01 25612-21212 CRON[9679]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:32:01 25612-21212 CRON[9679]: pam_unix(cron:session): session closed for user root
    Jan 20 13:33:01 25612-21212 CRON[9686]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:33:01 25612-21212 CRON[9686]: pam_unix(cron:session): session closed for user root
    Jan 20 13:34:01 25612-21212 CRON[9692]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:34:01 25612-21212 CRON[9692]: pam_unix(cron:session): session closed for user root
    Jan 20 13:35:01 25612-21212 CRON[9698]: pam_unix(cron:session): session opened for user getmail by (uid=0)
    Jan 20 13:35:01 25612-21212 CRON[9699]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:35:01 25612-21212 CRON[9698]: pam_unix(cron:session): session closed for user getmail
    Jan 20 13:35:01 25612-21212 postfix/smtpd[9722]: sql auxprop plugin using mysql engine 
    Jan 20 13:35:01 25612-21212 CRON[9699]: pam_unix(cron:session): session closed for user root
    Jan 20 13:36:01 25612-21212 CRON[9805]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:36:01 25612-21212 CRON[9805]: pam_unix(cron:session): session closed for user root
    Jan 20 13:37:01 25612-21212 CRON[9834]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:37:01 25612-21212 CRON[9834]: pam_unix(cron:session): session closed for user root
    Jan 20 13:38:01 25612-21212 CRON[9840]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:38:01 25612-21212 CRON[9840]: pam_unix(cron:session): session closed for user root
    Jan 20 13:39:01 25612-21212 CRON[9846]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:39:01 25612-21212 CRON[9847]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:39:01 25612-21212 CRON[9846]: pam_unix(cron:session): session closed for user root
    Jan 20 13:39:01 25612-21212 CRON[9847]: pam_unix(cron:session): session closed for user root
    Jan 20 13:40:01 25612-21212 CRON[9998]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
    Jan 20 13:40:01 25612-21212 CRON[10000]: pam_unix(cron:session): session opened for user www-data by (uid=0)
    Jan 20 13:40:01 25612-21212 CRON[10003]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:40:01 25612-21212 CRON[10001]: pam_unix(cron:session): session opened for user getmail by (uid=0)
    Jan 20 13:40:01 25612-21212 CRON[10000]: pam_unix(cron:session): session closed for user www-data
    Jan 20 13:40:01 25612-21212 CRON[10001]: pam_unix(cron:session): session closed for user getmail
    Jan 20 13:40:01 25612-21212 CRON[9998]: pam_unix(cron:session): session closed for user smmsp
    Jan 20 13:40:01 25612-21212 postfix/smtpd[10045]: sql auxprop plugin using mysql engine 
    Jan 20 13:40:02 25612-21212 CRON[10003]: pam_unix(cron:session): session closed for user root
    Jan 20 13:40:02 25612-21212 postfix/smtpd[10075]: sql auxprop plugin using mysql engine 
    Jan 20 13:41:01 25612-21212 CRON[10082]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:41:01 25612-21212 CRON[10082]: pam_unix(cron:session): session closed for user root
    Jan 20 13:42:01 25612-21212 CRON[10106]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:42:01 25612-21212 CRON[10106]: pam_unix(cron:session): session closed for user root
    Jan 20 13:43:01 25612-21212 CRON[10115]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:43:01 25612-21212 CRON[10115]: pam_unix(cron:session): session closed for user root
    Jan 20 13:44:01 25612-21212 CRON[10121]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:44:01 25612-21212 CRON[10121]: pam_unix(cron:session): session closed for user root
    Jan 20 13:45:01 25612-21212 CRON[10186]: pam_unix(cron:session): session opened for user getmail by (uid=0)
    Jan 20 13:45:01 25612-21212 CRON[10187]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:45:01 25612-21212 CRON[10186]: pam_unix(cron:session): session closed for user getmail
    Jan 20 13:45:01 25612-21212 postfix/smtpd[10214]: sql auxprop plugin using mysql engine 
    Jan 20 13:45:01 25612-21212 CRON[10187]: pam_unix(cron:session): session closed for user root
    Jan 20 13:46:01 25612-21212 CRON[11266]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:46:01 25612-21212 CRON[11266]: pam_unix(cron:session): session closed for user root
    Jan 20 13:47:01 25612-21212 CRON[11273]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:47:01 25612-21212 CRON[11273]: pam_unix(cron:session): session closed for user root
    Jan 20 13:47:10 25612-21212 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
    Jan 20 13:47:10 25612-21212 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot [email protected] rhost=76.179.0.31 
    Jan 20 13:47:19 25612-21212 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
    Jan 20 13:47:19 25612-21212 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot [email protected] rhost=76.179.0.31 
    Jan 20 13:48:01 25612-21212 CRON[11298]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:48:01 25612-21212 CRON[11298]: pam_unix(cron:session): session closed for user root
    Jan 20 13:49:01 25612-21212 CRON[11304]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:49:01 25612-21212 CRON[11304]: pam_unix(cron:session): session closed for user root
    Jan 20 13:50:01 25612-21212 CRON[11315]: pam_unix(cron:session): session opened for user www-data by (uid=0)
    Jan 20 13:50:01 25612-21212 CRON[11317]: pam_unix(cron:session): session opened for user getmail by (uid=0)
    Jan 20 13:50:01 25612-21212 CRON[11319]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:50:01 25612-21212 CRON[11315]: pam_unix(cron:session): session closed for user www-data
    Jan 20 13:50:01 25612-21212 CRON[11317]: pam_unix(cron:session): session closed for user getmail
    Jan 20 13:50:01 25612-21212 postfix/smtpd[11341]: sql auxprop plugin using mysql engine 
    Jan 20 13:50:02 25612-21212 CRON[11319]: pam_unix(cron:session): session closed for user root
    Jan 20 13:51:01 25612-21212 CRON[11500]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:51:01 25612-21212 CRON[11500]: pam_unix(cron:session): session closed for user root
    Jan 20 13:52:01 25612-21212 CRON[11507]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:52:01 25612-21212 CRON[11507]: pam_unix(cron:session): session closed for user root
    Jan 20 13:52:26 25612-21212 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
    Jan 20 13:52:26 25612-21212 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot [email protected] rhost=76.179.0.31 
    Jan 20 13:52:35 25612-21212 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
    Jan 20 13:52:35 25612-21212 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot [email protected] rhost=76.179.0.31 
    Jan 20 13:53:01 25612-21212 CRON[11533]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:53:01 25612-21212 CRON[11533]: pam_unix(cron:session): session closed for user root
    Jan 20 13:54:01 25612-21212 CRON[11539]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:54:01 25612-21212 CRON[11539]: pam_unix(cron:session): session closed for user root
    Jan 20 13:55:01 25612-21212 CRON[11545]: pam_unix(cron:session): session opened for user getmail by (uid=0)
    Jan 20 13:55:01 25612-21212 CRON[11546]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:55:01 25612-21212 CRON[11545]: pam_unix(cron:session): session closed for user getmail
    Jan 20 13:55:01 25612-21212 postfix/smtpd[11570]: sql auxprop plugin using mysql engine 
    Jan 20 13:55:01 25612-21212 CRON[11546]: pam_unix(cron:session): session closed for user root
    Jan 20 13:56:01 25612-21212 CRON[11657]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:56:01 25612-21212 CRON[11657]: pam_unix(cron:session): session closed for user root
    Jan 20 13:57:01 25612-21212 CRON[11663]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:57:01 25612-21212 CRON[11664]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:57:01 25612-21212 CRON[11663]: pam_unix(cron:session): session closed for user root
    Jan 20 13:57:01 25612-21212 CRON[11664]: pam_unix(cron:session): session closed for user root
    Jan 20 13:58:01 25612-21212 CRON[12052]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:58:01 25612-21212 CRON[12052]: pam_unix(cron:session): session closed for user root
    Jan 20 13:59:01 25612-21212 CRON[13328]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 13:59:01 25612-21212 CRON[13328]: pam_unix(cron:session): session closed for user root
    Jan 20 14:00:01 25612-21212 CRON[13334]: pam_unix(cron:session): session opened for user smmsp by (uid=0)
    Jan 20 14:00:01 25612-21212 CRON[13336]: pam_unix(cron:session): session opened for user www-data by (uid=0)
    Jan 20 14:00:01 25612-21212 CRON[13337]: pam_unix(cron:session): session opened for user getmail by (uid=0)
    Jan 20 14:00:01 25612-21212 CRON[13338]: pam_unix(cron:session): session opened for user root by (uid=0)
    Jan 20 14:00:01 25612-21212 CRON[13336]: pam_unix(cron:session): session closed for user www-data
    Jan 20 14:00:01 25612-21212 CRON[13337]: pam_unix(cron:session): session closed for user getmail
     

Share This Page