första raden i loggen
Mar 16 21:43:05 kvarnen named[8896]: master 66.23.226.92#53 (source 0.0.0.0#0) deleted from unreachable cache
Mar 16 21:43:05 kvarnen named[8896]: transfer of 'wahlberg.se/IN' from 66.23.226.92#53: connected using 95.170.86.14#37390
Mar 17 04:51:05 kvarnen freshclam[485]: Empty script main-56.cdiff, need to download entire database
Mar 17 04:51:48 kvarnen freshclam[485]: nonblock_recv: recv timing out (30 secs)
Mar 17 04:51:48 kvarnen freshclam[485]: WARNING: getfile: Download interrupted: Inappropriate ioctl for device (IP: 145.58.29.83)
Mar 17 04:51:48 kvarnen freshclam[485]: WARNING: Can't download main.cvd from db.local.clamav.net
Mar 17 04:51:48 kvarnen freshclam[485]: Trying again in 5 secs...
Mar 17 04:52:54 kvarnen freshclam[485]: Empty script main-56.cdiff, need to download entire database
Mar 17 04:53:24 kvarnen freshclam[485]: nonblock_recv: recv timing out (30 secs)
Mar 17 04:53:24 kvarnen freshclam[485]: WARNING: getfile: Error while reading database from db.local.clamav.net (IP: 194.109.6.97): Operation now in progress
Mar 17 04:53:24 kvarnen freshclam[485]: WARNING: Can't download main.cvd from db.local.clamav.net
Mar 17 04:53:24 kvarnen freshclam[485]: Trying again in 5 secs...
Mar 17 04:53:37 kvarnen freshclam[485]: WARNING: getfile: Error while reading database from db.local.clamav.net (IP: 217.19.16.188): Connection reset by peer
Mar 17 04:53:37 kvarnen freshclam[485]: WARNING: getpatch: Can't download main-56.cdiff from db.local.clamav.net
Mar 17 04:53:37 kvarnen freshclam[485]: connect_error: getsockopt(SO_ERROR): fd=4 error=111: Connection refused
Mar 17 04:54:07 kvarnen freshclam[485]: WARNING: getpatch: Can't download main-56.cdiff from db.local.clamav.net
Mar 17 04:54:07 kvarnen freshclam[485]: WARNING: getpatch: Can't download main-56.cdiff from db.local.clamav.net
Mar 17 04:54:07 kvarnen freshclam[485]: WARNING: getpatch: Can't download main-56.cdiff from db.local.clamav.net
Mar 17 04:54:07 kvarnen freshclam[485]: WARNING: getpatch: Can't download main-56.cdiff from db.local.clamav.net
Mar 17 04:54:07 kvarnen freshclam[485]: WARNING: Incremental update failed, trying to download main.cvd
Mar 17 04:54:37 kvarnen freshclam[485]: connect_error: getsockopt(SO_ERROR): fd=4 error=111: Connection refused
Mar 17 04:54:37 kvarnen freshclam[485]: WARNING: Can't download main.cvd from db.local.clamav.net
Mar 17 04:54:37 kvarnen freshclam[485]: Trying again in 5 secs...
Mar 17 04:54:44 kvarnen freshclam[485]: WARNING: getpatch: Can't download main-56.cdiff from db.local.clamav.net
Mar 17 04:54:44 kvarnen freshclam[485]: WARNING: getpatch: Can't download main-56.cdiff from db.local.clamav.net
Mar 17 04:54:44 kvarnen freshclam[485]: WARNING: getpatch: Can't download main-56.cdiff from db.local.clamav.net
Mar 17 04:54:44 kvarnen freshclam[485]: WARNING: getpatch: Can't download main-56.cdiff from db.local.clamav.net
Mar 17 04:54:44 kvarnen freshclam[485]: WARNING: getpatch: Can't download main-56.cdiff from db.local.clamav.net
Mar 17 04:54:44 kvarnen freshclam[485]: WARNING: Incremental update failed, trying to download main.cvd
Mar 17 05:02:18 kvarnen freshclam[485]: nonblock_recv: recv timing out (30 secs)
Mar 17 05:02:18 kvarnen freshclam[485]: WARNING: getfile: Download interrupted: Inappropriate ioctl for device (IP: 145.58.29.83)
Mar 17 05:02:18 kvarnen freshclam[485]: WARNING: Can't download main.cvd from db.local.clamav.net
Mar 17 05:02:18 kvarnen freshclam[485]: Trying again in 5 secs...
Mar 17 05:02:24 kvarnen freshclam[485]: WARNING: getpatch: Can't download main-56.cdiff from db.local.clamav.net
Mar 17 05:02:24 kvarnen freshclam[485]: ERROR: getpatch: Can't download main-56.cdiff from db.local.clamav.net
Mar 17 05:02:24 kvarnen freshclam[485]: WARNING: Incremental update failed, trying to download main.cvd
Mar 17 05:07:21 kvarnen freshclam[485]: nonblock_recv: recv timing out (30 secs)
Mar 17 05:07:21 kvarnen freshclam[485]: ERROR: getfile: Download interrupted: Inappropriate ioctl for device (IP: 145.58.29.83)
Mar 17 05:07:21 kvarnen freshclam[485]: ERROR: Can't download main.cvd from db.local.clamav.net
Mar 17 05:07:21 kvarnen freshclam[485]: Giving up on db.local.clamav.net...
Mar 17 05:07:22 kvarnen freshclam[485]: WARNING: getpatch: Can't download main-56.cdiff from database.clamav.net
Mar 17 05:07:22 kvarnen freshclam[485]: ERROR: getpatch: Can't download main-56.cdiff from database.clamav.net
Mar 17 05:07:22 kvarnen freshclam[485]: WARNING: Incremental update failed, trying to download main.cvd
Mar 17 05:07:22 kvarnen freshclam[485]: connect_error: getsockopt(SO_ERROR): fd=4 error=111: Connection refused
Mar 17 05:07:22 kvarnen freshclam[485]: Can't connect to port 80 of host database.clamav.net (IP: 145.58.29.83)
Mar 17 05:07:22 kvarnen freshclam[485]: Trying host database.clamav.net (213.73.255.243)...
Mar 17 05:07:52 kvarnen freshclam[485]: Can't connect to port 80 of host database.clamav.net (IP: 213.73.255.243)
Mar 17 05:07:52 kvarnen freshclam[485]: ERROR: Can't download main.cvd from database.clamav.net
Mar 17 05:07:52 kvarnen freshclam[485]: Giving up on database.clamav.net...
Mar 17 05:07:52 kvarnen freshclam[485]: Update failed. Your network may be down or none of the mirrors listed in /etc/clamav/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons.
Mar 17 06:27:00 kvarnen freshclam[485]: Downloading main.cvd [100%]
Mar 17 06:27:06 kvarnen freshclam[485]: WARNING: getfile: Unknown response from remote server (IP: 145.58.29.83)
Mar 17 06:30:26 kvarnen freshclam[485]: Update failed. Your network may be down or none of the mirrors listed in /etc/clamav/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons.
Mar 18 20:23:08 kvarnen dovecot: pop3-login: Aborted login (tried to use disallowed plaintext auth): user=<>, rip=200.68.99.217, lip=95.170.86.14, session=<y+JQrVcuJwDIRGPZ>
Mar 20 11:52:56 kvarnen freshclam[485]: bytecode.cvd is up to date (version: 275, sigs: 45, f-level: 63, builder: amishhammer)
Mar 21 00:52:56 kvarnen freshclam[485]: bytecode.cvd is up to date (version: 275, sigs: 45, f-level: 63, builder: amishhammer)
Mar 21 01:52:56 kvarnen freshclam[485]: bytecode.cvd is up to date (version: 275, sigs: 45, f-level: 63, builder: amishhammer)
Mar 21 02:40:01 kvarnen dovecot: pop3-login: Aborted login (tried to use disallowed plaintext auth): user=<>, rip=200.68.99.217, lip=95.170.86.14, session=<ZBvPLIUufADIRGPZ>
Mar 21 02:40:02 kvarnen dovecot: pop3-login: Aborted login (tried to use disallowed plaintext auth): user=<>, rip=200.68.99.217, lip=95.170.86.14, session=<vA/kLIUuLADIRGPZ>
Mar 21 02:40:04 kvarnen dovecot: pop3-login: Aborted login (tried to use disallowed plaintext auth): user=<>, rip=200.68.99.217, lip=95.170.86.14, session=<7uj4LIUuMQDIRGPZ>
Mar 21 02:52:56 kvarnen freshclam[485]: bytecode.cvd is up to date (version: 275, sigs: 45, f-level: 63, builder: amishhammer)
Mar 21 03:52:56 kvarnen freshclam[485]: bytecode.cvd is up to date (version: 275, sigs: 45, f-level: 63, builder: amishhammer)
Mar 21 04:52:56 kvarnen freshclam[485]: bytecode.cvd is up to date (version: 275, sigs: 45, f-level: 63, builder: amishhammer)
Mar 21 05:52:56 kvarnen freshclam[485]: bytecode.cvd is up to date (version: 275, sigs: 45, f-level: 63, builder: amishhammer)
Mar 21 05:58:32 kvarnen named[8896]: zone happysthlm.se/IN: refresh: retry limit for master 66.23.226.92#53 exceeded (source 0.0.0.0#0)
Mar 21 05:58:39 kvarnen named[8896]: transfer of 'happysthlm.se/IN' from 66.23.226.92#53: connected using 95.170.86.14#33872
Mar 22 13:03:22 kvarnen dovecot: pop3-login: Disconnected (tried to use disallowed plaintext auth): user=<>, rip=218.29.231.21, lip=95.170.86.14, session=<zjjk/6EudwDaHecV>
Mar 22 13:03:26 kvarnen dovecot: pop3-login: Disconnected (tried to use disallowed plaintext auth): user=<>, rip=218.29.231.21, lip=95.170.86.14, session=<OsoiAKIu3ADaHecV>
Mar 22 13:03:29 kvarnen dovecot: pop3-login: Disconnected (tried to use disallowed plaintext auth): user=<>, rip=218.29.231.21, lip=95.170.86.14, session=<vGlWAKIu5QDaHecV>
Mar 22 15:00:30 kvarnen dovecot: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=188.138.1.218, lip=95.170.86.14, session=<ZMLXoqMuFwC8igHa>
Mar 22 13:31:42 nada sendmail[24653]: gethostbyaddr(127.0.0.2) failed: 1
Mar 22 18:05:16 nada sshd[29644]: Received disconnect from 91.193.74.7: 11: Bye [preauth]
Mar 23 02:41:44 nada spamd[19688]: pyzor: check failed: internal error, python traceback seen in response
Mar 23 05:48:21 nada auth: pam_krb5(dovecot:auth): authentication failure; logname=ammis@lubcke.se uid=0 euid=0 tty=dovecot ruser=ammis@lubcke.se rhost=182.68.167.174
Mar 23 05:48:21 nada auth: pam_unix(dovecot:auth): check pass; user unknown
Mar 23 05:48:21 nada auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=ammis@lubcke.se rhost=182.68.167.174
Mar 23 05:48:25 nada dovecot: imap-login: Aborted login (auth failed, 1 attempts in 4 secs): user=<ammis@lubcke.se>, method=PLAIN, rip=182.68.167.174, lip=66.23.226.92, TLS, session=<rVEJCrAubwC2RKeu>
Mar 23 07:01:37 nada spamd[14446]: pyzor: check failed: internal error, python traceback seen in response
Mar 23 10:07:56 nada sm-mta[20809]: u2N97qjp020809: hostby.ankas-group.net [46.161.40.200] (may be forged): possible SMTP attack: command=AUTH, count=5
Mar 23 07:34:37 kvarnen sshd[25479]: Disconnecting: Change of username or service not allowed: (vmware,ssh-connection) -> (a,ssh-connection) [preauth]
Mar 23 09:24:01 kvarnen sshd[19594]: Disconnecting: Change of username or service not allowed: (suser,ssh-connection) -> (user,ssh-connection) [preauth]
Mar 23 13:36:12 nada spamd[3731]: pyzor: check failed: internal error, python traceback seen in response
Mar 23 19:49:48 nada auth: pam_krb5(dovecot:auth): authentication failure; logname=petter@lidberg.se uid=0 euid=0 tty=dovecot ruser=petter@lidberg.se rhost=187.131.22.215
Mar 23 19:49:48 nada auth: pam_unix(dovecot:auth): check pass; user unknown
Mar 23 19:49:48 nada auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=petter@lidberg.se rhost=187.131.22.215
Mar 23 19:49:52 nada dovecot: imap-login: Aborted login (auth failed, 1 attempts in 4 secs): user=<petter@lidberg.se>, method=PLAIN, rip=187.131.22.215, lip=66.23.226.92, TLS, session=<K0NMy7sukQC7gxbX>
Mar 24 02:08:41 nada named[5002]: client 192.42.132.103#45345: notify question section contains no SOA
Mar 24 11:06:17 kvarnen sshd[5495]: channel 4: open failed: administratively prohibited: open failed
Mar 24 11:06:21 kvarnen sshd[5495]: channel 4: open failed: administratively prohibited: open failed
Mar 24 13:04:10 nada dovecot: imap(ninnie): Warning: Subscriptions file /home/ninnie/Maildir/subscriptions: Removing invalid entry: mail/sent-mail
Mar 24 13:04:10 nada dovecot: imap(ninnie): Warning: Subscriptions file /home/ninnie/Maildir/subscriptions: Removing invalid entry: mail/Trash
Mar 24 13:04:10 nada dovecot: imap(ninnie): Warning: Subscriptions file /home/ninnie/Maildir/subscriptions: Removing invalid entry: mail/Drafts
Mar 24 13:04:10 nada dovecot: imap(ninnie): Warning: Subscriptions file /home/ninnie/Maildir/subscriptions: Removing invalid entry: mail/mormors 100-&AOU-rsdag
Mar 24 14:05:39 nada sshd[16936]: Received disconnect from 91.193.74.7: 11: Bye [preauth]
Mar 24 18:13:26 nada auth: pam_krb5(dovecot:auth): authentication failure; logname=fredmiranda@mc-cabe.com uid=0 euid=0 tty=dovecot ruser=fredmiranda@mc-cabe.com rhost=41.105.13.141
Mar 24 18:13:26 nada auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=fredmiranda@mc-cabe.com rhost=41.105.13.141
Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (greylist): write(Q) returned -1, expected 5: Broken pipe
Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (greylist): to error state
Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (spamassassin): write(Q) returned -1, expected 5: Broken pipe
Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (spamassassin): to error state
Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (clamav): write(Q) returned -1, expected 5: Broken pipe
Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (clamav): to error state
Mar 25 19:44:04 nada sshd[20872]: Received disconnect from 91.193.74.33: 11: Bye [preauth]
Mar 26 06:57:05 nada spamd[10050]: spamd: server hit by SIGHUP, restarting
Mar 26 06:57:05 nada spamd[10050]: spamd: child [20105] killed successfully: interrupted, signal 2 (0002)
Mar 26 06:57:05 nada spamd[10050]: spamd: child [23926] killed successfully: interrupted, signal 2 (0002)
Mar 26 06:57:05 nada spamd.pid[10050]: spamd: restarting using '/usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir --user-config -d --pidfile=/var/run/spamd.pid'
Mar 26 06:57:06 nada spamd[17910]: server socket setup failed, retry 1: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
Mar 26 06:57:07 nada spamd[17910]: server socket setup failed, retry 2: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
Mar 26 06:57:08 nada spamd[17910]: server socket setup failed, retry 3: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
Mar 26 06:57:09 nada spamd[17905]: spamd: server started on port 783/tcp (running version 3.3.2)
Mar 26 06:57:09 nada spamd[17910]: server socket setup failed, retry 4: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
Mar 26 06:57:10 nada spamd[17910]: server socket setup failed, retry 5: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
Mar 26 06:57:11 nada spamd[17910]: server socket setup failed, retry 6: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
Mar 26 06:57:12 nada spamd[17910]: server socket setup failed, retry 7: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
Mar 26 06:57:13 nada spamd[17910]: server socket setup failed, retry 8: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
Mar 26 06:57:14 nada spamd[17910]: server socket setup failed, retry 9: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
Mar 26 06:57:15 nada spamd[17910]: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
Mar 26 16:18:46 nada sshd[3298]: Received disconnect from 91.193.74.33: 11: Bye [preauth]
Mar 26 18:09:14 nada monit[5075]: 'localhost' 'localhost' cpu wait usage check succeeded [current cpu wait usage=0.0%]
Mar 26 21:45:26 nada named[5002]: validating @0xb82ba940: . NS: got insecure response; parent indicates it should be secure
Mar 26 21:45:26 nada named[5002]: managed-keys-zone ./IN: No DNSKEY RRSIGs found for '.': success
Mar 26 22:10:17 nada dovecot: pop3(ammis): Connection closed top=0/0, retr=29/1819516, del=0/73, size=4433634
Mar 26 18:09:14 nada monit[5075]: 'localhost' 'localhost' cpu wait usage check succeeded [current cpu wait usage=0.0%]
Mar 26 21:45:26 nada named[5002]: validating @0xb82ba940: . NS: got insecure response; parent indicates it should be secure
Mar 26 21:45:26 nada named[5002]: managed-keys-zone ./IN: No DNSKEY RRSIGs found for '.': success
Mar 26 22:10:17 nada dovecot: pop3(ammis): Connection closed top=0/0, retr=29/1819516, del=0/73, size=4433634
Mar 27 06:31:18 nada monit[5075]: 'clamav-milter' process PID changed from 26461 to 14050
Mar 27 06:33:18 nada monit[5075]: 'clamav-milter' process PID has not changed since last cycle
Mar 27 10:28:35 nada sshd[2326]: Received disconnect from 91.193.74.33: 11: Bye [preauth]
Mar 27 10:28:38 nada sshd[2328]: Received disconnect from 91.193.74.33: 11: Bye [preauth]
Mar 27 22:21:47 nada sm-mta[3607]: u2RKLiXq003607: ruleset=check_rcpt, arg1=eax_64@yahoo.com, relay=125-227-60-218.HINET-IP.hinet.net [125.227.60.218] (may be forged), reject=550 5.7.1 eax_64@yahoo.com... Relaying denied. IP name possibly forged [125.227.60.218]
Mar 28 06:34:18 nada sshd[16291]: Received disconnect from 91.193.74.33: 11: Bye [preauth]
Mar 28 10:48:05 nada spamd[17905]: prefork: server reached --max-children setting, consider raising it
Mar 30 03:49:50 nada sshd[9974]: Received disconnect from 125.212.232.159: 11: Closed due to user request. [preauth]
Mar 30 13:04:11 nada sm-mta[30164]: STARTTLS=client, relay=mailgw.swip.net., field=cn_subject, status=failed to extract CN
Mar 30 14:57:07 nada sshd[8420]: error: PAM: Cannot make/remove an entry for the specified session for illegal user admin from d5152db40.static.telenet.be
Mar 30 14:57:09 nada sshd[8420]: error: PAM: Cannot make/remove an entry for the specified session for illegal user admin from d5152db40.static.telenet.be
Mar 30 15:36:53 nada sm-mta[12291]: u2U9XkgT020620: u2UDarTR012291: sender notify: Warning: could not send message for past 4 hours
Mar 30 19:01:40 nada sm-mta[30590]: u2UGiH7o030590: collect: premature EOM: No route to host
Mar 30 20:47:04 nada sm-mta[9603]: STARTTLS=client, relay=mail-gw01.fsdata.se., version=TLSv1/SSLv3, verify=FAIL, cipher=RC4-SHA, bits=128/128
Mar 30 20:59:38 nada dovecot: imap(katarina): Disconnected: Disconnected in=139 out=8902
Apr  1 06:03:28 nada dovecot: imap(gregory): Disconnected: Disconnected in=219 out=22999
Apr  4 01:58:18 nada sm-mta[23839]: u33Nw9KS023839: Milter: to=webmex@hotmail.com%nada.wahlberg.se, reject=451 4.7.1 Greylisting in action, please come back later
Apr  3 12:26:03 nada sshd[15236]: Received disconnect from 125.212.232.83: 11: Closed due to user request. [preauth]
Apr  3 10:49:36 nada named[5002]: managed-keys-zone ./IN: Unable to fetch DNSKEY set 'dlv.isc.org': SERVFAIL
Apr  2 22:49:14 nada named[5002]: managed-keys-zone ./IN: Unable to fetch DNSKEY set 'dlv.isc.org': SERVFAIL
Apr  2 22:58:50 nada sshd[3878]: Received disconnect from 91.197.232.30: 11: Bye [preauth]
Apr  2 06:38:03 nada spamd[16362]: rules: failed to run NO_DNS_FOR_FROM RBL test, skipping:
Apr  5 22:05:33 nada sshd[14320]: Received disconnect from 91.197.232.30: 11: Bye [preauth]
Apr  5 22:05:35 nada sshd[14322]: Received disconnect from 91.197.232.30: 11: Bye [preauth]
Apr  6 15:59:18 nada sshd[17076]: Received disconnect from 91.197.232.30: 11: Bye [preauth]
Apr  6 15:59:21 nada sshd[17078]: Received disconnect from 91.197.232.30: 11: Bye [preauth]
Apr  6 17:17:53 nada dovecot: imap(gertie): Disconnected in APPEND (1 msgs, 0 secs, 0/44908 bytes) in=884034 out=368982
Apr  7 05:56:43 kvarnen sshd[2034]: error: Received disconnect from 212.83.191.8: 3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Apr  7 13:59:42 nada sshd[19013]: Received disconnect from 2.234.148.20: 11: ok [preauth]
Apr  9 09:51:26 nada sm-mta[6169]: u397pP13006169: rejecting commands from [113.240.250.156] [113.240.250.156] due to pre-greeting traffic after 1 seconds
Apr  8 19:43:15 kvarnen freshclam[485]: Empty script bytecode-276.cdiff, need to download entire database
Apr  8 19:43:15 kvarnen freshclam[485]: Downloading bytecode.cvd [100%]
Apr  8 19:43:15 kvarnen freshclam[485]: bytecode.cvd updated (version: 276, sigs: 46, f-level: 63, builder: amishhammer)
Apr 10 20:46:18 nada sshd[6046]: pam_unix(sshd:auth): conversation failed
Apr 10 20:50:19 nada sshd(pam_google_authenticator)[6490]: Trying to reuse a previously used time-based code. Retry again in 30 seconds. Warning! This might mean, you are currently subject to a man-in-the-middle attack.
Apr 10 20:50:33 nada sshd[6491]: pam_unix(sshd:auth): conversation failed
Apr 10 20:50:44 nada sshd(pam_google_authenticator)[6494]: Trying to reuse a previously used time-based code. Retry again in 30 seconds. Warning! This might mean, you are currently subject to a man-in-the-middle attack.
Apr 10 20:50:57 nada sshd(pam_google_authenticator)[6501]: Trying to reuse a previously used time-based code. Retry again in 30 seconds. Warning! This might mean, you are currently subject to a man-in-the-middle attack.
Apr 10 20:50:58 nada sshd[6501]: pam_unix(sshd:auth): conversation failed
Apr 11 15:54:13 nada named[5002]: validating @0xb83c76e0: . NS: got insecure response; parent indicates it should be secure
Apr 13 09:42:28 kvarnen saslauthd[620]: pam_unix(:auth): check pass; user unknown
Apr 13 09:42:28 kvarnen saslauthd[620]: pam_unix(:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Apr 13 09:42:29 kvarnen saslauthd[620]: do_auth         : auth failure: [user=test] [service=] [realm=] [mech=pam] [reason=PAM auth error]
Apr 14 11:05:05 nada sm-mta[15662]: u3E955KV015662: li1068-122.members.linode.com [106.184.3.122]: probable open proxy: command=GET http://www.ipip.net/ HTTP/1.1\r\n
Apr 15 10:19:48 nada sm-mta[23177]: u3F8JhXs023173: u3F8JmXr023177: DSN: Service unavailable
Apr 15 10:25:06 nada sm-mta[23906]: u3F8P26J023665: u3F8P66I023906: DSN: Service unavailable
Apr 15 17:29:00 nada sm-mta[687]: u3FFSq2F000687: collect: premature EOM: Connection reset by 99-198-26-191.cust.wildblue.net
Apr 15 19:27:33 nada saslauthd[1732]: do_auth         : auth failure: [user=backuppc ] [service=smtp] [realm=wahlberg.se] [mech=shadow] [reason=Unknown]
Apr 18 09:23:16 nada saslauthd[1734]: do_auth         : auth failure: [user=backuppc ] [service=smtp] [realm=wahlberg.se] [mech=shadow] [reason=Unknown]
Apr 18 11:07:40 nada sm-mta[22391]: u3I87Z3E022391: collect: premature EOM: Connection timed out with rs-mta-31.anpdm.com
Apr 18 18:27:55 nada sm-mta[6940]: u3IGRtDq006940: li1068-122.members.linode.com [106.184.3.122]: probable open proxy: command=GET http://www.ipip.net/ HTTP/1.1\r\n
Apr 19 21:14:31 nada suhosin[28060]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'file' (attacker '62.210.203.159', file '/home/happysthlm/www.happysthlm.se/index.php')
Apr 20 12:25:05 nada dovecot: imap(kajsa): Disconnected: EOF while appending in=413894 out=733
Apr 20 15:10:44 nada sm-mta[5182]: u3KDAiZT005182: li1068-122.members.linode.com [106.184.3.122]: probable open proxy: command=GET / HTTP/1.1\r\n
Apr 20 15:10:50 nada sm-mta[5183]: u3KDAo2M005183: li1068-122.members.linode.com [106.184.3.122]: probable open proxy: command=GET http://www.ipip.net/ HTTP/1.1\r\n
Apr 21 16:11:24 nada sshd[20234]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=host.94.220.181.95.rev.numer.gy  user=root
Apr 21 22:40:41 nada saslauthd[1732]: do_auth         : auth failure: [user=backuppc ] [service=smtp] [realm=wahlberg.se] [mech=shadow] [reason=Unknown]
Apr 22 14:23:22 nada sshd[19599]: subsystem request for sftp by user petter
Apr 23 21:41:58 nada saslauthd[1735]: do_auth         : auth failure: [user=backuppc ] [service=smtp] [realm=wahlberg.se] [mech=shadow] [reason=Unknown]
Apr 27 00:44:20 nada spamd[23159]: razor2: razor2 check failed: Invalid argument razor2: razor2 had unknown error during get_server_info at /usr/share/perl5/Mail/SpamAssassin/Plugin/Razor2.pm line 185. at /usr/share/perl5/Mail/SpamAssassin/Plugin/Razor2.pm line 325.
Apr 27 14:28:26 nada dovecot: pop3(kajsa): Disconnected for inactivity top=0/0, retr=0/0, del=0/67, size=5179534
Apr 27 12:36:48 kvarnen sshd[26292]: Bad protocol version identification 'GET / HTTP/1.1' from 106.184.2.29 port 63976
Apr 27 12:36:56 kvarnen sshd[26293]: Bad protocol version identification 'GET http://clientapi.ipip.net/echo.php?info=20160427185402 HTTP/1.1' from 106.184.2.29 port 7680
Apr 28 06:41:57 nada sm-mta[11484]: u3S4fvP5011484: li1068-122.members.linode.com [106.184.3.122]: probable open proxy: command=GET / HTTP/1.1\r\n
May 11 01:17:42 kvarnen sshd[14739]: fatal: Unable to negotiate a key exchange method [preauth]
May 10 19:21:13 nada sshd[5327]: subsystem request for sftp by user petter
May 10 13:57:54 nada dovecot: pop3(kajsa): Disconnected for inactivity top=0/0, retr=0/0, del=0/91, size=19989948
May  9 21:06:23 nada sm-mta[8993]: u49J6NYD008993: li1068-122.members.linode.com [106.184.3.122]: probable open proxy: command=GET / HTTP/1.1\r\n
May  6 11:19:15 kvarnen sshd[24101]: fatal: Unable to negotiate a key exchange method [preauth]
May  5 10:08:49 nada sshd[4523]: fatal: no hostkey alg [preauth]
May  3 16:54:08 nada spamd[18801]: razor2: razor2 check failed: Invalid argument razor2: razor2 had unknown error during get_server_info at /usr/share/perl5/Mail/SpamAssassin/Plugin/Razor2.pm line 185. at /usr/share/perl5/Mail/SpamAssassin/Plugin/Razor2.pm line 325.
May 11 19:13:29 nada sshd[10882]: input_userauth_request: invalid user ai_luat [preauth]
May 11 19:13:29 nada sshd[10882]: pam_krb5(sshd:auth): authentication failure; logname=ai_luat uid=0 euid=0 tty=ssh ruser= rhost=218.200.188.213
May 13 16:59:50 kvarnen sshd[21380]: Bad protocol version identification '' from 171.13.14.52 port 59637
May 14 10:15:47 nada sshd[26005]: Received disconnect from 115.239.230.223: 11: disconnect [preauth]
May 15 03:18:15 nada sshd[23461]: input_userauth_request: invalid user .php [preauth]
May 15 03:18:15 nada sshd[23461]: pam_krb5(sshd:auth): authentication failure; logname=.php uid=0 euid=0 tty=ssh ruser= rhost=59.0.85.43
May 27 23:53:37 nada sshd[499]: input_userauth_request: invalid user tbs\\r [preauth]
May 27 23:53:37 nada sshd[499]: pam_krb5(sshd:auth): authentication failure; logname=tbs#015 uid=0 euid=0 tty=ssh ruser= rhost=58.117.82.210
May 28 00:22:32 nada sshd[4355]: input_userauth_request: invalid user oliver\\r [preauth]
May 28 00:22:32 nada sshd[4355]: pam_krb5(sshd:auth): authentication failure; logname=oliver#015 uid=0 euid=0 tty=ssh ruser= rhost=58.117.82.210
Jun 25 12:58:28 kvarnen freshclam[15554]: WARNING: getfile: Unknown response from db.local.clamav.net (IP: 145.58.29.83)
Jun 25 16:58:32 kvarnen freshclam[15554]: WARNING: getfile: daily-21788.cdiff not found on db.local.clamav.net (IP: 217.19.16.188)
Jun 25 17:16:28 nada sshd[7066]: input_userauth_request: invalid user secret\\r [preauth]
Jun 25 17:26:26 nada sshd[7935]: input_userauth_request: invalid user user\\r [preauth]
Aug 16 19:28:06 nada sshd[12135]: Postponed keyboard-interactive/pam for invalid user admin from 75.149.180.141 port 65264 ssh2 [preauth]
Aug 16 21:57:30 nada sshd[26976]: Postponed keyboard-interactive/pam for invalid user support from 103.207.36.244 port 59302 ssh2 [preauth]
Aug 17 10:52:11 nada sshd[24804]: Received disconnect from 89.97.55.33: 11: disconnected by user [preauth]
Aug 23 06:06:16 nada suhosin[4003]: ALERT - configured GET variable value length limit exceeded - dropped variable 'page' (attacker '216.172.189.152', file '/home/fredrik/www.wahlis.com/dnsupdate/man.php')
Oct 13 08:31:17 kvarnen systemd[1]: Starting Cleanup of Temporary Directories...
Oct 13 08:31:17 kvarnen systemd[1]: Started Cleanup of Temporary Directories.
Aug 23 18:39:24 nada saslauthd[1713]: do_request      : NULL login received
Aug 23 18:39:24 nada fredrik[1713]: Sista raden ska inte synas
Oct 24 06:04:11 nada sm-mta[7813]: STARTTLS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1
Oct 24 06:04:11 nada sm-mta[7813]: STARTTLS=client: 7813:error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error:s23_clnt.c:757:
Oct 24 06:04:11 nada sm-mta[7813]: ruleset=tls_server, arg1=SOFTWARE, relay=mail.adlibris.com, reject=403 4.7.0 TLS handshake failed.
Oct 24 06:33:25 nada sshd[10577]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=static-68-161-233-215.ny325.east.verizon.net  user=lp