fredrik/logcheck
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
6d904dfb42f1d4beccd0e5bd2c015e5c8b32c2e3
logcheck/testlog
Fredrik Wahlberg 6d904dfb42 Fler preauth
2024-04-01 09:59:59 +02:00

795 lines
88 KiB
Plaintext
Raw Blame History

första raden i loggen
Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem...
Oct 28 19:58:35 nada sshd[12067]: Connection reset by invalid user 178.73.215.171 port 60178 [preauth]
Oct 28 18:02:12 nada named[368]: client @0xf243df14 146.88.240.4#52092 (4217e25c.asert-dns-research.com): query failed (REFUSED) for 4217e25c.asert-dns-research.com/IN/A at query.c:5498
Oct 28 10:01:06 nada HORDE: Guest user is not authorized for Mail (Host: msnbot-157-55-39-113.search.msn.com). [pid 30077 on line 324 of "/usr/share/php/Horde/Registry.php"]
Oct 28 10:58:51 nada HORDE: Guest user is not authorized for Horde (Host: 33.bl.bot.semrush.com). [pid 5104 on line 324 of "/usr/share/php/Horde/Registry.php"]
Oct 28 07:54:13 nada named[368]: client @0xf242cb64 104.180.184.102#80 (.): query failed (REFUSED) for ./IN/RRSIG at query.c:5498
Oct 28 06:17:36 nada named[368]: client @0xf2443044 205.185.124.172#52570 (pizzaseo.com): query failed (REFUSED) for pizzaseo.com/IN/RRSIG at query.c:5498
Oct 28 07:58:37 nada sshd[1041]: error: kex_exchange_identification: Connection closed by remote host
Oct 28 07:58:37 nada sshd[1041]: Connection closed by 141.98.10.82 port 40176
Oct 28 12:23:29 nada sshd[14913]: error: kex_exchange_identification: read: Connection reset by peer
Oct 28 12:23:29 nada sshd[14913]: Connection reset by 185.73.124.100 port 12384
Oct 28 07:09:06 nada sendmail[32544]: STARTTLS=client: file /etc/letsencrypt/live/wahlberg.se-0005/cert.pem unsafe: Permission denied
Oct 28 07:09:06 nada sendmail[32544]: STARTTLS=client: file /etc/letsencrypt/live/wahlberg.se-0005/privkey.pem unsafe: Permission denied
Oct 28 07:09:06 nada sendmail[32544]: STARTTLS=client: file /etc/letsencrypt/live/wahlberg.se-0005/chain.pem unsafe: Permission denied
Oct 28 07:09:06 nada sendmail[32544]: STARTTLS=client, error: load verify locs /etc/letsencrypt/live/wahlberg.se, /etc/letsencrypt/live/wahlberg.se-0005/chain.pem failed: 0
Oct 28 07:09:06 nada sendmail[32544]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Oct 28 07:34:08 nada mod_evasive[25488]: Blacklisting address 81.228.31.170: possible DoS attack.
Oct 28 07:50:39 nada mod_evasive[25332]: Blacklisting address 217.213.70.60: possible DoS attack.
Oct 28 06:31:02 nada spamd[3181]: prefork: child states: II [... logline repeated 32 times]
Oct 26 09:44:50 nada saslauthd[275]: : NULL password received
Mar 16 21:43:05 kvarnen named[8896]: master 66.23.226.92#53 (source 0.0.0.0#0) deleted from unreachable cache
Mar 16 21:43:05 kvarnen named[8896]: transfer of 'wahlberg.se/IN' from 66.23.226.92#53: connected using 95.170.86.14#37390
Mar 17 04:51:05 kvarnen freshclam[485]: Empty script main-56.cdiff, need to download entire database
Mar 17 04:51:48 kvarnen freshclam[485]: nonblock_recv: recv timing out (30 secs)
Mar 17 04:51:48 kvarnen freshclam[485]: WARNING: getfile: Download interrupted: Inappropriate ioctl for device (IP: 145.58.29.83)
Mar 17 04:51:48 kvarnen freshclam[485]: WARNING: Can't download main.cvd from db.local.clamav.net
Mar 17 04:51:48 kvarnen freshclam[485]: Trying again in 5 secs...
Mar 17 04:52:54 kvarnen freshclam[485]: Empty script main-56.cdiff, need to download entire database
Mar 17 04:53:24 kvarnen freshclam[485]: nonblock_recv: recv timing out (30 secs)
Mar 17 04:53:24 kvarnen freshclam[485]: WARNING: getfile: Error while reading database from db.local.clamav.net (IP: 194.109.6.97): Operation now in progress
Mar 17 04:53:24 kvarnen freshclam[485]: WARNING: Can't download main.cvd from db.local.clamav.net
Mar 17 04:53:24 kvarnen freshclam[485]: Trying again in 5 secs...
Mar 17 04:53:37 kvarnen freshclam[485]: WARNING: getfile: Error while reading database from db.local.clamav.net (IP: 217.19.16.188): Connection reset by peer
Mar 17 04:53:37 kvarnen freshclam[485]: WARNING: getpatch: Can't download main-56.cdiff from db.local.clamav.net
Mar 17 04:53:37 kvarnen freshclam[485]: connect_error: getsockopt(SO_ERROR): fd=4 error=111: Connection refused
Mar 17 04:54:07 kvarnen freshclam[485]: WARNING: getpatch: Can't download main-56.cdiff from db.local.clamav.net
Mar 17 04:54:07 kvarnen freshclam[485]: WARNING: getpatch: Can't download main-56.cdiff from db.local.clamav.net
Mar 17 04:54:07 kvarnen freshclam[485]: WARNING: getpatch: Can't download main-56.cdiff from db.local.clamav.net
Mar 17 04:54:07 kvarnen freshclam[485]: WARNING: getpatch: Can't download main-56.cdiff from db.local.clamav.net
Mar 17 04:54:07 kvarnen freshclam[485]: WARNING: Incremental update failed, trying to download main.cvd
Mar 17 04:54:37 kvarnen freshclam[485]: connect_error: getsockopt(SO_ERROR): fd=4 error=111: Connection refused
Mar 17 04:54:37 kvarnen freshclam[485]: WARNING: Can't download main.cvd from db.local.clamav.net
Mar 17 04:54:37 kvarnen freshclam[485]: Trying again in 5 secs...
Mar 17 04:54:44 kvarnen freshclam[485]: WARNING: getpatch: Can't download main-56.cdiff from db.local.clamav.net
Mar 17 04:54:44 kvarnen freshclam[485]: WARNING: getpatch: Can't download main-56.cdiff from db.local.clamav.net
Mar 17 04:54:44 kvarnen freshclam[485]: WARNING: getpatch: Can't download main-56.cdiff from db.local.clamav.net
Mar 17 04:54:44 kvarnen freshclam[485]: WARNING: getpatch: Can't download main-56.cdiff from db.local.clamav.net
Mar 17 04:54:44 kvarnen freshclam[485]: WARNING: getpatch: Can't download main-56.cdiff from db.local.clamav.net
Mar 17 04:54:44 kvarnen freshclam[485]: WARNING: Incremental update failed, trying to download main.cvd
Mar 17 05:02:18 kvarnen freshclam[485]: nonblock_recv: recv timing out (30 secs)
Mar 17 05:02:18 kvarnen freshclam[485]: WARNING: getfile: Download interrupted: Inappropriate ioctl for device (IP: 145.58.29.83)
Mar 17 05:02:18 kvarnen freshclam[485]: WARNING: Can't download main.cvd from db.local.clamav.net
Mar 17 05:02:18 kvarnen freshclam[485]: Trying again in 5 secs...
Mar 17 05:02:24 kvarnen freshclam[485]: WARNING: getpatch: Can't download main-56.cdiff from db.local.clamav.net
Mar 17 05:02:24 kvarnen freshclam[485]: ERROR: getpatch: Can't download main-56.cdiff from db.local.clamav.net
Mar 17 05:02:24 kvarnen freshclam[485]: WARNING: Incremental update failed, trying to download main.cvd
Mar 17 05:07:21 kvarnen freshclam[485]: nonblock_recv: recv timing out (30 secs)
Mar 17 05:07:21 kvarnen freshclam[485]: ERROR: getfile: Download interrupted: Inappropriate ioctl for device (IP: 145.58.29.83)
Mar 17 05:07:21 kvarnen freshclam[485]: ERROR: Can't download main.cvd from db.local.clamav.net
Mar 17 05:07:21 kvarnen freshclam[485]: Giving up on db.local.clamav.net...
Mar 17 05:07:22 kvarnen freshclam[485]: WARNING: getpatch: Can't download main-56.cdiff from database.clamav.net
Mar 17 05:07:22 kvarnen freshclam[485]: ERROR: getpatch: Can't download main-56.cdiff from database.clamav.net
Mar 17 05:07:22 kvarnen freshclam[485]: WARNING: Incremental update failed, trying to download main.cvd
Mar 17 05:07:22 kvarnen freshclam[485]: connect_error: getsockopt(SO_ERROR): fd=4 error=111: Connection refused
Mar 17 05:07:22 kvarnen freshclam[485]: Can't connect to port 80 of host database.clamav.net (IP: 145.58.29.83)
Mar 17 05:07:22 kvarnen freshclam[485]: Trying host database.clamav.net (213.73.255.243)...
Mar 17 05:07:52 kvarnen freshclam[485]: Can't connect to port 80 of host database.clamav.net (IP: 213.73.255.243)
Mar 17 05:07:52 kvarnen freshclam[485]: ERROR: Can't download main.cvd from database.clamav.net
Mar 17 05:07:52 kvarnen freshclam[485]: Giving up on database.clamav.net...
Mar 17 05:07:52 kvarnen freshclam[485]: Update failed. Your network may be down or none of the mirrors listed in /etc/clamav/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons.
Mar 17 06:27:00 kvarnen freshclam[485]: Downloading main.cvd [100%]
Mar 17 06:27:06 kvarnen freshclam[485]: WARNING: getfile: Unknown response from remote server (IP: 145.58.29.83)
Mar 17 06:30:26 kvarnen freshclam[485]: Update failed. Your network may be down or none of the mirrors listed in /etc/clamav/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons.
Mar 18 20:23:08 kvarnen dovecot: pop3-login: Aborted login (tried to use disallowed plaintext auth): user=<>, rip=200.68.99.217, lip=95.170.86.14, session=<y+JQrVcuJwDIRGPZ>
Mar 20 11:52:56 kvarnen freshclam[485]: bytecode.cvd is up to date (version: 275, sigs: 45, f-level: 63, builder: amishhammer)
Mar 21 00:52:56 kvarnen freshclam[485]: bytecode.cvd is up to date (version: 275, sigs: 45, f-level: 63, builder: amishhammer)
Mar 21 01:52:56 kvarnen freshclam[485]: bytecode.cvd is up to date (version: 275, sigs: 45, f-level: 63, builder: amishhammer)
Mar 21 02:40:01 kvarnen dovecot: pop3-login: Aborted login (tried to use disallowed plaintext auth): user=<>, rip=200.68.99.217, lip=95.170.86.14, session=<ZBvPLIUufADIRGPZ>
Mar 21 02:40:02 kvarnen dovecot: pop3-login: Aborted login (tried to use disallowed plaintext auth): user=<>, rip=200.68.99.217, lip=95.170.86.14, session=<vA/kLIUuLADIRGPZ>
Mar 21 02:40:04 kvarnen dovecot: pop3-login: Aborted login (tried to use disallowed plaintext auth): user=<>, rip=200.68.99.217, lip=95.170.86.14, session=<7uj4LIUuMQDIRGPZ>
Mar 21 02:52:56 kvarnen freshclam[485]: bytecode.cvd is up to date (version: 275, sigs: 45, f-level: 63, builder: amishhammer)
Mar 21 03:52:56 kvarnen freshclam[485]: bytecode.cvd is up to date (version: 275, sigs: 45, f-level: 63, builder: amishhammer)
Mar 21 04:52:56 kvarnen freshclam[485]: bytecode.cvd is up to date (version: 275, sigs: 45, f-level: 63, builder: amishhammer)
Mar 21 05:52:56 kvarnen freshclam[485]: bytecode.cvd is up to date (version: 275, sigs: 45, f-level: 63, builder: amishhammer)
Mar 21 05:58:32 kvarnen named[8896]: zone happysthlm.se/IN: refresh: retry limit for master 66.23.226.92#53 exceeded (source 0.0.0.0#0)
Mar 21 05:58:39 kvarnen named[8896]: transfer of 'happysthlm.se/IN' from 66.23.226.92#53: connected using 95.170.86.14#33872
Mar 22 13:03:22 kvarnen dovecot: pop3-login: Disconnected (tried to use disallowed plaintext auth): user=<>, rip=218.29.231.21, lip=95.170.86.14, session=<zjjk/6EudwDaHecV>
Mar 22 13:03:26 kvarnen dovecot: pop3-login: Disconnected (tried to use disallowed plaintext auth): user=<>, rip=218.29.231.21, lip=95.170.86.14, session=<OsoiAKIu3ADaHecV>
Mar 22 13:03:29 kvarnen dovecot: pop3-login: Disconnected (tried to use disallowed plaintext auth): user=<>, rip=218.29.231.21, lip=95.170.86.14, session=<vGlWAKIu5QDaHecV>
Mar 22 15:00:30 kvarnen dovecot: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=188.138.1.218, lip=95.170.86.14, session=<ZMLXoqMuFwC8igHa>
Mar 22 13:31:42 nada sendmail[24653]: gethostbyaddr(127.0.0.2) failed: 1
Mar 22 18:05:16 nada sshd[29644]: Received disconnect from 91.193.74.7: 11: Bye [preauth]
Mar 23 02:41:44 nada spamd[19688]: pyzor: check failed: internal error, python traceback seen in response
Mar 23 05:48:21 nada auth: pam_krb5(dovecot:auth): authentication failure; logname=ammis@lubcke.se uid=0 euid=0 tty=dovecot ruser=ammis@lubcke.se rhost=182.68.167.174
Mar 23 05:48:21 nada auth: pam_unix(dovecot:auth): check pass; user unknown
Mar 23 05:48:21 nada auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=ammis@lubcke.se rhost=182.68.167.174
Mar 23 05:48:25 nada dovecot: imap-login: Aborted login (auth failed, 1 attempts in 4 secs): user=<ammis@lubcke.se>, method=PLAIN, rip=182.68.167.174, lip=66.23.226.92, TLS, session=<rVEJCrAubwC2RKeu>
Mar 23 07:01:37 nada spamd[14446]: pyzor: check failed: internal error, python traceback seen in response
Mar 23 10:07:56 nada sm-mta[20809]: u2N97qjp020809: hostby.ankas-group.net [46.161.40.200] (may be forged): possible SMTP attack: command=AUTH, count=5
Mar 23 07:34:37 kvarnen sshd[25479]: Disconnecting: Change of username or service not allowed: (vmware,ssh-connection) -> (a,ssh-connection) [preauth]
Mar 23 09:24:01 kvarnen sshd[19594]: Disconnecting: Change of username or service not allowed: (suser,ssh-connection) -> (user,ssh-connection) [preauth]
Mar 23 13:36:12 nada spamd[3731]: pyzor: check failed: internal error, python traceback seen in response
Mar 23 19:49:48 nada auth: pam_krb5(dovecot:auth): authentication failure; logname=petter@lidberg.se uid=0 euid=0 tty=dovecot ruser=petter@lidberg.se rhost=187.131.22.215
Mar 23 19:49:48 nada auth: pam_unix(dovecot:auth): check pass; user unknown
Mar 23 19:49:48 nada auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=petter@lidberg.se rhost=187.131.22.215
Mar 23 19:49:52 nada dovecot: imap-login: Aborted login (auth failed, 1 attempts in 4 secs): user=<petter@lidberg.se>, method=PLAIN, rip=187.131.22.215, lip=66.23.226.92, TLS, session=<K0NMy7sukQC7gxbX>
Mar 24 02:08:41 nada named[5002]: client 192.42.132.103#45345: notify question section contains no SOA
Mar 24 11:06:17 kvarnen sshd[5495]: channel 4: open failed: administratively prohibited: open failed
Mar 24 11:06:21 kvarnen sshd[5495]: channel 4: open failed: administratively prohibited: open failed
Mar 24 13:04:10 nada dovecot: imap(ninnie): Warning: Subscriptions file /home/ninnie/Maildir/subscriptions: Removing invalid entry: mail/sent-mail
Mar 24 13:04:10 nada dovecot: imap(ninnie): Warning: Subscriptions file /home/ninnie/Maildir/subscriptions: Removing invalid entry: mail/Trash
Mar 24 13:04:10 nada dovecot: imap(ninnie): Warning: Subscriptions file /home/ninnie/Maildir/subscriptions: Removing invalid entry: mail/Drafts
Mar 24 13:04:10 nada dovecot: imap(ninnie): Warning: Subscriptions file /home/ninnie/Maildir/subscriptions: Removing invalid entry: mail/mormors 100-&AOU-rsdag
Mar 24 14:05:39 nada sshd[16936]: Received disconnect from 91.193.74.7: 11: Bye [preauth]
Mar 24 18:13:26 nada auth: pam_krb5(dovecot:auth): authentication failure; logname=fredmiranda@mc-cabe.com uid=0 euid=0 tty=dovecot ruser=fredmiranda@mc-cabe.com rhost=41.105.13.141
Mar 24 18:13:26 nada auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=fredmiranda@mc-cabe.com rhost=41.105.13.141
Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (greylist): write(Q) returned -1, expected 5: Broken pipe
Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (greylist): to error state
Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (spamassassin): write(Q) returned -1, expected 5: Broken pipe
Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (spamassassin): to error state
Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (clamav): write(Q) returned -1, expected 5: Broken pipe
Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (clamav): to error state
Mar 25 19:44:04 nada sshd[20872]: Received disconnect from 91.193.74.33: 11: Bye [preauth]
Mar 26 06:57:05 nada spamd[10050]: spamd: server hit by SIGHUP, restarting
Mar 26 06:57:05 nada spamd[10050]: spamd: child [20105] killed successfully: interrupted, signal 2 (0002)
Mar 26 06:57:05 nada spamd[10050]: spamd: child [23926] killed successfully: interrupted, signal 2 (0002)
Mar 26 06:57:05 nada spamd.pid[10050]: spamd: restarting using '/usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir --user-config -d --pidfile=/var/run/spamd.pid'
Mar 26 06:57:06 nada spamd[17910]: server socket setup failed, retry 1: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
Mar 26 06:57:07 nada spamd[17910]: server socket setup failed, retry 2: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
Mar 26 06:57:08 nada spamd[17910]: server socket setup failed, retry 3: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
Mar 26 06:57:09 nada spamd[17905]: spamd: server started on port 783/tcp (running version 3.3.2)
Mar 26 06:57:09 nada spamd[17910]: server socket setup failed, retry 4: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
Mar 26 06:57:10 nada spamd[17910]: server socket setup failed, retry 5: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
Mar 26 06:57:11 nada spamd[17910]: server socket setup failed, retry 6: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
Mar 26 06:57:12 nada spamd[17910]: server socket setup failed, retry 7: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
Mar 26 06:57:13 nada spamd[17910]: server socket setup failed, retry 8: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
Mar 26 06:57:14 nada spamd[17910]: server socket setup failed, retry 9: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
Mar 26 06:57:15 nada spamd[17910]: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
Mar 26 16:18:46 nada sshd[3298]: Received disconnect from 91.193.74.33: 11: Bye [preauth]
Mar 26 18:09:14 nada monit[5075]: 'localhost' 'localhost' cpu wait usage check succeeded [current cpu wait usage=0.0%]
Mar 26 21:45:26 nada named[5002]: validating @0xb82ba940: . NS: got insecure response; parent indicates it should be secure
Mar 26 21:45:26 nada named[5002]: managed-keys-zone ./IN: No DNSKEY RRSIGs found for '.': success
Mar 26 22:10:17 nada dovecot: pop3(ammis): Connection closed top=0/0, retr=29/1819516, del=0/73, size=4433634
Mar 26 18:09:14 nada monit[5075]: 'localhost' 'localhost' cpu wait usage check succeeded [current cpu wait usage=0.0%]
Mar 26 21:45:26 nada named[5002]: validating @0xb82ba940: . NS: got insecure response; parent indicates it should be secure
Mar 26 21:45:26 nada named[5002]: managed-keys-zone ./IN: No DNSKEY RRSIGs found for '.': success
Mar 26 22:10:17 nada dovecot: pop3(ammis): Connection closed top=0/0, retr=29/1819516, del=0/73, size=4433634
Mar 27 06:31:18 nada monit[5075]: 'clamav-milter' process PID changed from 26461 to 14050
Mar 27 06:33:18 nada monit[5075]: 'clamav-milter' process PID has not changed since last cycle
Mar 27 10:28:35 nada sshd[2326]: Received disconnect from 91.193.74.33: 11: Bye [preauth]
Mar 27 10:28:38 nada sshd[2328]: Received disconnect from 91.193.74.33: 11: Bye [preauth]
Mar 27 22:21:47 nada sm-mta[3607]: u2RKLiXq003607: ruleset=check_rcpt, arg1=eax_64@yahoo.com, relay=125-227-60-218.HINET-IP.hinet.net [125.227.60.218] (may be forged), reject=550 5.7.1 eax_64@yahoo.com... Relaying denied. IP name possibly forged [125.227.60.218]
Mar 28 06:34:18 nada sshd[16291]: Received disconnect from 91.193.74.33: 11: Bye [preauth]
Mar 28 10:48:05 nada spamd[17905]: prefork: server reached --max-children setting, consider raising it
Mar 30 03:49:50 nada sshd[9974]: Received disconnect from 125.212.232.159: 11: Closed due to user request. [preauth]
Mar 30 13:04:11 nada sm-mta[30164]: STARTTLS=client, relay=mailgw.swip.net., field=cn_subject, status=failed to extract CN
Mar 30 14:57:07 nada sshd[8420]: error: PAM: Cannot make/remove an entry for the specified session for illegal user admin from d5152db40.static.telenet.be
Mar 30 14:57:09 nada sshd[8420]: error: PAM: Cannot make/remove an entry for the specified session for illegal user admin from d5152db40.static.telenet.be
Mar 30 15:36:53 nada sm-mta[12291]: u2U9XkgT020620: u2UDarTR012291: sender notify: Warning: could not send message for past 4 hours
Mar 30 19:01:40 nada sm-mta[30590]: u2UGiH7o030590: collect: premature EOM: No route to host
Mar 30 20:47:04 nada sm-mta[9603]: STARTTLS=client, relay=mail-gw01.fsdata.se., version=TLSv1/SSLv3, verify=FAIL, cipher=RC4-SHA, bits=128/128
Mar 30 20:59:38 nada dovecot: imap(katarina): Disconnected: Disconnected in=139 out=8902
Apr 1 06:03:28 nada dovecot: imap(gregory): Disconnected: Disconnected in=219 out=22999
Apr 4 01:58:18 nada sm-mta[23839]: u33Nw9KS023839: Milter: to=webmex@hotmail.com%nada.wahlberg.se, reject=451 4.7.1 Greylisting in action, please come back later
Apr 3 12:26:03 nada sshd[15236]: Received disconnect from 125.212.232.83: 11: Closed due to user request. [preauth]
Apr 3 10:49:36 nada named[5002]: managed-keys-zone ./IN: Unable to fetch DNSKEY set 'dlv.isc.org': SERVFAIL
Apr 2 22:49:14 nada named[5002]: managed-keys-zone ./IN: Unable to fetch DNSKEY set 'dlv.isc.org': SERVFAIL
Apr 2 22:58:50 nada sshd[3878]: Received disconnect from 91.197.232.30: 11: Bye [preauth]
Apr 2 06:38:03 nada spamd[16362]: rules: failed to run NO_DNS_FOR_FROM RBL test, skipping:
Apr 5 22:05:33 nada sshd[14320]: Received disconnect from 91.197.232.30: 11: Bye [preauth]
Apr 5 22:05:35 nada sshd[14322]: Received disconnect from 91.197.232.30: 11: Bye [preauth]
Apr 6 15:59:18 nada sshd[17076]: Received disconnect from 91.197.232.30: 11: Bye [preauth]
Apr 6 15:59:21 nada sshd[17078]: Received disconnect from 91.197.232.30: 11: Bye [preauth]
Apr 6 17:17:53 nada dovecot: imap(gertie): Disconnected in APPEND (1 msgs, 0 secs, 0/44908 bytes) in=884034 out=368982
Apr 7 05:56:43 kvarnen sshd[2034]: error: Received disconnect from 212.83.191.8: 3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Apr 7 13:59:42 nada sshd[19013]: Received disconnect from 2.234.148.20: 11: ok [preauth]
Apr 9 09:51:26 nada sm-mta[6169]: u397pP13006169: rejecting commands from [113.240.250.156] [113.240.250.156] due to pre-greeting traffic after 1 seconds
Apr 8 19:43:15 kvarnen freshclam[485]: Empty script bytecode-276.cdiff, need to download entire database
Apr 8 19:43:15 kvarnen freshclam[485]: Downloading bytecode.cvd [100%]
Apr 8 19:43:15 kvarnen freshclam[485]: bytecode.cvd updated (version: 276, sigs: 46, f-level: 63, builder: amishhammer)
Apr 10 20:46:18 nada sshd[6046]: pam_unix(sshd:auth): conversation failed
Apr 10 20:50:19 nada sshd(pam_google_authenticator)[6490]: Trying to reuse a previously used time-based code. Retry again in 30 seconds. Warning! This might mean, you are currently subject to a man-in-the-middle attack.
Apr 10 20:50:33 nada sshd[6491]: pam_unix(sshd:auth): conversation failed
Apr 10 20:50:44 nada sshd(pam_google_authenticator)[6494]: Trying to reuse a previously used time-based code. Retry again in 30 seconds. Warning! This might mean, you are currently subject to a man-in-the-middle attack.
Apr 10 20:50:57 nada sshd(pam_google_authenticator)[6501]: Trying to reuse a previously used time-based code. Retry again in 30 seconds. Warning! This might mean, you are currently subject to a man-in-the-middle attack.
Apr 10 20:50:58 nada sshd[6501]: pam_unix(sshd:auth): conversation failed
Apr 11 15:54:13 nada named[5002]: validating @0xb83c76e0: . NS: got insecure response; parent indicates it should be secure
Apr 13 09:42:28 kvarnen saslauthd[620]: pam_unix(:auth): check pass; user unknown
Apr 13 09:42:28 kvarnen saslauthd[620]: pam_unix(:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Apr 13 09:42:29 kvarnen saslauthd[620]: do_auth : auth failure: [user=test] [service=] [realm=] [mech=pam] [reason=PAM auth error]
Apr 14 11:05:05 nada sm-mta[15662]: u3E955KV015662: li1068-122.members.linode.com [106.184.3.122]: probable open proxy: command=GET http://www.ipip.net/ HTTP/1.1\r\n
Apr 15 10:19:48 nada sm-mta[23177]: u3F8JhXs023173: u3F8JmXr023177: DSN: Service unavailable
Apr 15 10:25:06 nada sm-mta[23906]: u3F8P26J023665: u3F8P66I023906: DSN: Service unavailable
Apr 15 17:29:00 nada sm-mta[687]: u3FFSq2F000687: collect: premature EOM: Connection reset by 99-198-26-191.cust.wildblue.net
Apr 15 19:27:33 nada saslauthd[1732]: do_auth : auth failure: [user=backuppc ] [service=smtp] [realm=wahlberg.se] [mech=shadow] [reason=Unknown]
Apr 18 09:23:16 nada saslauthd[1734]: do_auth : auth failure: [user=backuppc ] [service=smtp] [realm=wahlberg.se] [mech=shadow] [reason=Unknown]
Apr 18 11:07:40 nada sm-mta[22391]: u3I87Z3E022391: collect: premature EOM: Connection timed out with rs-mta-31.anpdm.com
Apr 18 18:27:55 nada sm-mta[6940]: u3IGRtDq006940: li1068-122.members.linode.com [106.184.3.122]: probable open proxy: command=GET http://www.ipip.net/ HTTP/1.1\r\n
Apr 19 21:14:31 nada suhosin[28060]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'file' (attacker '62.210.203.159', file '/home/happysthlm/www.happysthlm.se/index.php')
Apr 20 12:25:05 nada dovecot: imap(kajsa): Disconnected: EOF while appending in=413894 out=733
Apr 20 15:10:44 nada sm-mta[5182]: u3KDAiZT005182: li1068-122.members.linode.com [106.184.3.122]: probable open proxy: command=GET / HTTP/1.1\r\n
Apr 20 15:10:50 nada sm-mta[5183]: u3KDAo2M005183: li1068-122.members.linode.com [106.184.3.122]: probable open proxy: command=GET http://www.ipip.net/ HTTP/1.1\r\n
Apr 21 16:11:24 nada sshd[20234]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=host.94.220.181.95.rev.numer.gy user=root
Apr 21 22:40:41 nada saslauthd[1732]: do_auth : auth failure: [user=backuppc ] [service=smtp] [realm=wahlberg.se] [mech=shadow] [reason=Unknown]
Apr 22 14:23:22 nada sshd[19599]: subsystem request for sftp by user petter
Apr 23 21:41:58 nada saslauthd[1735]: do_auth : auth failure: [user=backuppc ] [service=smtp] [realm=wahlberg.se] [mech=shadow] [reason=Unknown]
Apr 27 00:44:20 nada spamd[23159]: razor2: razor2 check failed: Invalid argument razor2: razor2 had unknown error during get_server_info at /usr/share/perl5/Mail/SpamAssassin/Plugin/Razor2.pm line 185. at /usr/share/perl5/Mail/SpamAssassin/Plugin/Razor2.pm line 325.
Apr 27 14:28:26 nada dovecot: pop3(kajsa): Disconnected for inactivity top=0/0, retr=0/0, del=0/67, size=5179534
Apr 27 12:36:48 kvarnen sshd[26292]: Bad protocol version identification 'GET / HTTP/1.1' from 106.184.2.29 port 63976
Apr 27 12:36:56 kvarnen sshd[26293]: Bad protocol version identification 'GET http://clientapi.ipip.net/echo.php?info=20160427185402 HTTP/1.1' from 106.184.2.29 port 7680
Apr 28 06:41:57 nada sm-mta[11484]: u3S4fvP5011484: li1068-122.members.linode.com [106.184.3.122]: probable open proxy: command=GET / HTTP/1.1\r\n
May 11 01:17:42 kvarnen sshd[14739]: fatal: Unable to negotiate a key exchange method [preauth]
May 10 19:21:13 nada sshd[5327]: subsystem request for sftp by user petter
May 10 13:57:54 nada dovecot: pop3(kajsa): Disconnected for inactivity top=0/0, retr=0/0, del=0/91, size=19989948
May 9 21:06:23 nada sm-mta[8993]: u49J6NYD008993: li1068-122.members.linode.com [106.184.3.122]: probable open proxy: command=GET / HTTP/1.1\r\n
May 6 11:19:15 kvarnen sshd[24101]: fatal: Unable to negotiate a key exchange method [preauth]
May 5 10:08:49 nada sshd[4523]: fatal: no hostkey alg [preauth]
May 3 16:54:08 nada spamd[18801]: razor2: razor2 check failed: Invalid argument razor2: razor2 had unknown error during get_server_info at /usr/share/perl5/Mail/SpamAssassin/Plugin/Razor2.pm line 185. at /usr/share/perl5/Mail/SpamAssassin/Plugin/Razor2.pm line 325.
May 11 19:13:29 nada sshd[10882]: input_userauth_request: invalid user ai_luat [preauth]
May 11 19:13:29 nada sshd[10882]: pam_krb5(sshd:auth): authentication failure; logname=ai_luat uid=0 euid=0 tty=ssh ruser= rhost=218.200.188.213
May 13 16:59:50 kvarnen sshd[21380]: Bad protocol version identification '' from 171.13.14.52 port 59637
May 14 10:15:47 nada sshd[26005]: Received disconnect from 115.239.230.223: 11: disconnect [preauth]
May 15 03:18:15 nada sshd[23461]: input_userauth_request: invalid user .php [preauth]
May 15 03:18:15 nada sshd[23461]: pam_krb5(sshd:auth): authentication failure; logname=.php uid=0 euid=0 tty=ssh ruser= rhost=59.0.85.43
May 27 23:53:37 nada sshd[499]: input_userauth_request: invalid user tbs\\r [preauth]
May 27 23:53:37 nada sshd[499]: pam_krb5(sshd:auth): authentication failure; logname=tbs#015 uid=0 euid=0 tty=ssh ruser= rhost=58.117.82.210
May 28 00:22:32 nada sshd[4355]: input_userauth_request: invalid user oliver\\r [preauth]
May 28 00:22:32 nada sshd[4355]: pam_krb5(sshd:auth): authentication failure; logname=oliver#015 uid=0 euid=0 tty=ssh ruser= rhost=58.117.82.210
Jun 25 12:58:28 kvarnen freshclam[15554]: WARNING: getfile: Unknown response from db.local.clamav.net (IP: 145.58.29.83)
Jun 25 16:58:32 kvarnen freshclam[15554]: WARNING: getfile: daily-21788.cdiff not found on db.local.clamav.net (IP: 217.19.16.188)
Jun 25 17:16:28 nada sshd[7066]: input_userauth_request: invalid user secret\\r [preauth]
Jun 25 17:26:26 nada sshd[7935]: input_userauth_request: invalid user user\\r [preauth]
Aug 16 19:28:06 nada sshd[12135]: Postponed keyboard-interactive/pam for invalid user admin from 75.149.180.141 port 65264 ssh2 [preauth]
Aug 16 21:57:30 nada sshd[26976]: Postponed keyboard-interactive/pam for invalid user support from 103.207.36.244 port 59302 ssh2 [preauth]
Aug 17 10:52:11 nada sshd[24804]: Received disconnect from 89.97.55.33: 11: disconnected by user [preauth]
Aug 23 06:06:16 nada suhosin[4003]: ALERT - configured GET variable value length limit exceeded - dropped variable 'page' (attacker '216.172.189.152', file '/home/fredrik/www.wahlis.com/dnsupdate/man.php')
Oct 13 08:31:17 kvarnen systemd[1]: Starting Cleanup of Temporary Directories...
Oct 13 08:31:17 kvarnen systemd[1]: Started Cleanup of Temporary Directories.
Aug 23 18:39:24 nada saslauthd[1713]: do_request : NULL login received
Oct 24 06:04:11 nada sm-mta[7813]: STARTTLS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1
Oct 24 06:04:11 nada sm-mta[7813]: STARTTLS=client: 7813:error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error:s23_clnt.c:757:
Oct 24 06:04:11 nada sm-mta[7813]: ruleset=tls_server, arg1=SOFTWARE, relay=mail.adlibris.com, reject=403 4.7.0 TLS handshake failed.
Oct 24 06:33:25 nada sshd[10577]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=static-68-161-233-215.ny325.east.verizon.net user=lp
Oct 24 17:54:12 nada sm-mta[11900]: STARTTLS=client: 11900:error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error:s23_clnt.c:757:
Nov 3 00:10:37 nada sshd[29893]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=host26-153-static.37-88-b.business.telecomitalia.it user=root
Nov 3 03:00:15 nada sshd[12808]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=static-200-105-158-166.acelerate.net user=root
Feb 28 06:10:08 nada sshd[15753]: Disconnecting: Too many authentication failures for support [preauth]
Feb 28 08:37:12 nada sshd[30563]: Disconnecting: Too many authentication failures for mother [preauth]
Feb 28 11:10:33 nada sshd[15274]: Disconnecting: Too many authentication failures for usuario [preauth]
Feb 28 11:29:39 nada sshd[17072]: Disconnecting: Too many authentication failures for admin [preauth]
Feb 27 16:45:52 nada sshd[2023]: Received disconnect from 74.208.146.17: 3: com.jcraft.jsch.JSchException: Auth cancel [preauth]
Feb 28 03:09:57 nada sshd[30462]: Received disconnect from 47.89.188.218: 3: com.jcraft.jsch.JSchException: Auth cancel [preauth]
Mar 1 09:28:37 nada sshd[4919]: Postponed keyboard-interactive/pam for root from 218.65.30.43 port 23516 ssh2 [preauth]
Mar 1 09:28:40 nada sshd[4919]: Postponed keyboard-interactive/pam for root from 218.65.30.43 port 23516 ssh2 [preauth]
Mar 1 09:28:43 nada sshd[4919]: Postponed keyboard-interactive/pam for root from 218.65.30.43 port 23516 ssh2 [preauth]
Mar 1 09:29:01 nada sshd[4939]: Postponed keyboard-interactive/pam for root from 218.65.30.43 port 58713 ssh2 [preauth]
Mar 1 03:03:26 nada sshd[28313]: fatal: Write failed: Broken pipe [preauth]
Mar 2 07:21:44 nada spamc[16024]: connect to spamd on 127.0.0.1 failed, retrying (#1 of 3): Connection refused
Mar 2 14:16:53 marconi sshd[4282]: Connection closed by 163.172.210.106 port 56708 [preauth]
Mar 2 13:42:26 marconi sshd[25003]: Received disconnect from 155.4.131.66 port 2983:11: disconnected by user
Mar 2 13:42:26 marconi sshd[25003]: Disconnected from 155.4.131.66 port 2983
Mar 2 17:16:35 marconi systemd-logind[1241]: New session 85612 of user fredrik.
Mar 2 17:16:35 marconi systemd-logind[1241]: Removed session 85603.
Mar 2 16:25:24 marconi dhclient[22777]: bound to 192.168.1.118 -- renewal in 30618 seconds.
Mar 2 17:00:04 marconi sshd[31419]: Received disconnect from 116.31.116.18 port 20137:11: [preauth]
Mar 2 13:32:26 marconi sshd[21878]: Received disconnect from 155.4.131.66 port 2982:11: disconnected by user
Mar 2 13:26:35 marconi sshd[22990]: Accepted publickey for fredrik from 155.4.131.66 port 2984 ssh2: RSA SHA256:nN4hIQerkj/cftGXDuAmeiduRLomIKBSxT0ssoPTysc
Mar 2 14:05:55 marconi sshd[1776]: Disconnected from 116.31.116.18 port 61532 [preauth]
Mar 2 14:16:35 marconi sshd[1828]: Disconnected from 155.4.131.66 port 2982
Mar 2 17:04:13 marconi sshd[1368]: Disconnecting: Too many authentication failures [preauth]
Mar 2 13:25:14 marconi smartd[17895]: Device: /dev/sdc [SAT], 1 Currently unreadable (pending) sectors
Mar 2 13:25:14 marconi smartd[17895]: Device: /dev/sdc [SAT], 1 Offline uncorrectable sectors
Mar 2 13:25:14 marconi smartd[17895]: Device: /dev/sdc [SAT], Failed SMART usage Attribute: 184 End-to-End_Error.
Mar 2 16:25:24 marconi dhclient[22777]: DHCPACK of 192.168.1.118 from 192.168.1.1
Mar 2 16:25:24 marconi dhclient[22777]: DHCPREQUEST of 192.168.1.118 on enp4s0 to 192.168.1.1 port 67 (xid=0x74f7120)
Mar 2 17:00:24 marconi sshd[556]: Connection reset by 119.147.115.37 port 1841 [preauth]
Mar 2 14:07:17 marconi sshd[1863]: Received disconnect from 116.31.116.18 port 60507:11: [preauth]
Mar 2 14:16:35 marconi sshd[1828]: Received disconnect from 155.4.131.66 port 2982:11: disconnected by user
Mar 2 14:06:35 marconi sshd[1797]: Accepted publickey for fredrik from 155.4.131.66 port 2982 ssh2: RSA SHA256:nN4hIQerkj/cftGXDuAmeiduRLomIKBSxT0ssoPTysc
Mar 2 14:12:26 marconi sshd[679]: Received disconnect from 155.4.131.66 port 2983:11: disconnected by user
Mar 2 14:16:51 marconi sshd[4277]: Connection closed by 163.172.210.106 port 14388 [preauth]
Mar 2 17:07:35 marconi sshd[2635]: Connection reset by 119.147.115.37 port 1070 [preauth]
Mar 2 16:26:52 marconi sshd[22218]: Connection reset by 119.147.115.37 port 4993 [preauth]
Mar 2 14:12:26 marconi sshd[679]: Disconnected from 155.4.131.66 port 2983
Mar 2 17:04:13 marconi sshd[1368]: error: maximum authentication attempts exceeded for root from 39.173.242.89 port 61397 ssh2 [preauth]
Mar 2 14:02:26 marconi sshd[648]: Accepted publickey for fredrik from 155.4.131.66 port 2983 ssh2: RSA SHA256:nN4hIQerkj/cftGXDuAmeiduRLomIKBSxT0ssoPTysc
Mar 2 16:25:24 marconi nm-dispatcher: req:1 'dhcp4-change' [enp4s0]: new request (1 scripts)
Mar 2 16:25:24 marconi nm-dispatcher: req:1 'dhcp4-change' [enp4s0]: start running ordered scripts...
Mar 2 13:31:22 marconi sshd[24935]: error: maximum authentication attempts exceeded for root from 14.155.151.175 port 49156 ssh2 [preauth]
Mar 2 13:23:45 marconi systemd[1]: Started CUPS Scheduler.
Mar 2 16:25:24 marconi systemd[1]: Started Network Manager Script Dispatcher Service.
Mar 2 17:16:35 marconi systemd[1]: Started Session 85612 of user fredrik.
Mar 2 16:25:24 marconi systemd[1]: Starting Network Manager Script Dispatcher Service...
Mar 2 13:32:26 marconi sshd[21878]: Disconnected from 155.4.131.66 port 2982
Mar 2 13:31:22 marconi sshd[24935]: Disconnecting: Too many authentication failures [preauth]
Mar 2 16:25:24 marconi dbus[1185]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
Mar 2 16:25:24 marconi dbus[1185]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Mar 2 16:48:02 marconi telldusd: Execute a TellStick Action for device 1
Mar 2 16:49:02 marconi telldusd: Execute a TellStick Action for device 2
Mar 2 16:48:02 marconi telldusd: Execute a TellStick Action for device 3
Mar 2 20:18:14 marconi sshd[31811]: Received disconnect from 72.167.13.11 port 32867:11: Bye Bye [preauth]
Mar 2 20:33:25 marconi sshd[3723]: fatal: Unable to negotiate with 103.207.39.105 port 59502: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
Mar 2 20:51:23 marconi sshd[8330]: error: maximum authentication attempts exceeded for invalid user admin from 182.45.153.221 port 54407 ssh2 [preauth]
Feb 27 16:18:14 marconi sshd[30894]: Accepted publickey for fredrik from 213.153.113.136 port 60681 ssh2: RSA SHA256:wtbGEMuojY+6IMUyU8t0rkg4bZoxeb07q1PqctZODzQ
Feb 27 18:16:55 marconi sshd[30123]: fatal: mm_answer_moduli: bad parameters: 2048 2048 1024
Feb 28 03:15:06 marconi sshd[9243]: Accepted publickey for root from 66.23.226.92 port 35645 ssh2: RSA SHA256:Z0G8XQQjwahIdAJmj/DA0j29v+zA2v17C4b0rvOV6Nw
Feb 28 03:17:11 marconi systemd: pam_unix(systemd-user:session): session opened for user root by (uid=0)
Feb 28 03:17:18 marconi systemd: pam_unix(systemd-user:session): session closed for user root
Mar 2 22:01:02 marconi systemd[1]: Starting Daily apt activities...
Mar 2 22:01:04 marconi systemd[1]: Started Daily apt activities.
Mar 2 22:01:04 marconi systemd[1]: apt-daily.timer: Adding 6h 5min 38.342426s random time.
Mar 2 22:01:04 marconi systemd[1]: apt-daily.timer: Adding 6h 2min 20.962257s random time.
Mar 3 06:21:50 marconi named[27570]: client 106.185.43.131#50963: message parsing failed: unexpected end of input
Mar 3 07:30:02 marconi systemd[1]: Started Run anacron jobs.
Mar 3 07:36:04 marconi systemd[1]: Reloading The Apache HTTP Server.
Mar 3 07:36:06 marconi systemd[1]: Reloaded The Apache HTTP Server.
Mar 3 07:36:06 marconi systemd[1]: Stopping Make remote CUPS printers available locally...
Mar 3 07:36:06 marconi systemd[1]: Stopped Make remote CUPS printers available locally.
Mar 3 07:36:06 marconi systemd[1]: Stopping CUPS Scheduler...
Mar 3 07:36:06 marconi systemd[1]: Stopped CUPS Scheduler.
Mar 3 07:36:07 marconi systemd[1]: Started Make remote CUPS printers available locally.
Mar 3 03:15:04 marconi systemd[1]: Created slice User Slice of root.
Mar 3 03:15:04 marconi systemd[1]: Starting User Manager for UID 0...
Mar 3 03:15:06 marconi systemd[17958]: Reached target Paths.
Mar 3 03:15:06 marconi systemd[17958]: Reached target Timers.
Mar 3 03:15:06 marconi systemd[17958]: Reached target Sockets.
Mar 3 03:15:06 marconi systemd[17958]: Reached target Basic System.
Mar 3 03:15:06 marconi systemd[17958]: Reached target Default.
Mar 3 03:15:06 marconi systemd[17958]: Startup finished in 665ms.
Mar 3 03:15:06 marconi systemd[1]: Started User Manager for UID 0.
Mar 3 03:15:07 marconi systemd[1]: Stopping User Manager for UID 0...
Mar 3 03:15:07 marconi systemd[17958]: Reached target Shutdown.
Mar 3 03:15:07 marconi systemd[17958]: Starting Exit the Session...
Mar 3 03:15:07 marconi systemd[17958]: Stopped target Default.
Mar 3 03:15:07 marconi systemd[17958]: Stopped target Basic System.
Mar 3 03:15:07 marconi systemd[17958]: Stopped target Timers.
Mar 3 03:15:07 marconi systemd[17958]: Stopped target Sockets.
Mar 3 03:15:07 marconi systemd[17958]: Stopped target Paths.
Mar 3 03:15:07 marconi systemd[17958]: Received SIGRTMIN+24 from PID 18190 (kill).
Mar 3 03:15:07 marconi systemd[1]: Stopped User Manager for UID 0.
Mar 3 03:15:07 marconi systemd[1]: Removed slice User Slice of root.
Mar 3 03:15:08 marconi systemd[1]: Created slice User Slice of root.
Mar 3 03:15:08 marconi systemd[1]: Starting User Manager for UID 0...
Mar 3 03:15:09 marconi systemd[18209]: Reached target Paths.
Mar 3 03:15:09 marconi systemd[18209]: Reached target Timers.
Mar 3 03:15:09 marconi systemd[18209]: Reached target Sockets.
Mar 3 03:15:09 marconi systemd[18209]: Reached target Basic System.
Mar 3 03:15:09 marconi systemd[18209]: Reached target Default.
Mar 3 03:15:09 marconi systemd[18209]: Startup finished in 124ms.
Mar 3 03:15:09 marconi systemd[1]: Started User Manager for UID 0.
Mar 3 03:17:28 marconi systemd[1]: Stopping User Manager for UID 0...
Mar 3 03:17:28 marconi systemd[18209]: Reached target Shutdown.
Mar 3 03:17:28 marconi systemd[18209]: Starting Exit the Session...
Mar 3 03:17:28 marconi systemd[18209]: Stopped target Default.
Mar 3 03:17:28 marconi systemd[18209]: Stopped target Basic System.
Mar 3 03:17:28 marconi systemd[18209]: Stopped target Paths.
Mar 3 03:17:28 marconi systemd[18209]: Stopped target Sockets.
Mar 3 03:17:28 marconi systemd[18209]: Stopped target Timers.
Mar 3 03:17:29 marconi systemd[18209]: Received SIGRTMIN+24 from PID 19176 (kill).
Mar 3 03:17:29 marconi systemd[1]: Stopped User Manager for UID 0.
Mar 3 03:17:29 marconi systemd[1]: Removed slice User Slice of root.
Mar 3 03:17:29 marconi systemd[1]: Created slice User Slice of root.
Mar 3 03:17:29 marconi systemd[1]: Starting User Manager for UID 0...
Mar 3 03:17:30 marconi systemd[19182]: Reached target Paths.
Mar 3 03:17:30 marconi systemd[19182]: Reached target Timers.
Mar 3 03:17:30 marconi systemd[19182]: Reached target Sockets.
Mar 3 03:17:30 marconi systemd[19182]: Reached target Basic System.
Mar 3 03:17:30 marconi systemd[19182]: Reached target Default.
Mar 3 03:17:30 marconi systemd[19182]: Startup finished in 526ms.
Mar 3 03:17:30 marconi systemd[1]: Started User Manager for UID 0.
Mar 3 03:17:42 marconi systemd[1]: Stopping User Manager for UID 0...
Mar 3 03:17:42 marconi systemd[19182]: Reached target Shutdown.
Mar 3 03:17:42 marconi systemd[19182]: Stopped target Default.
Mar 3 03:17:42 marconi systemd[19182]: Stopped target Basic System.
Mar 3 03:17:42 marconi systemd[19182]: Stopped target Paths.
Mar 3 03:17:42 marconi systemd[19182]: Stopped target Sockets.
Mar 3 03:17:42 marconi systemd[19182]: Stopped target Timers.
Mar 3 03:17:42 marconi systemd[19182]: Starting Exit the Session...
Mar 3 03:17:42 marconi systemd[19182]: Received SIGRTMIN+24 from PID 19222 (kill).
Mar 3 03:17:42 marconi systemd[1]: Stopped User Manager for UID 0.
Mar 3 03:17:42 marconi systemd[1]: Removed slice User Slice of root.
Mar 3 03:17:43 marconi systemd[1]: Created slice User Slice of root.
Mar 3 03:17:43 marconi systemd[1]: Starting User Manager for UID 0...
Mar 3 03:17:43 marconi systemd[19230]: Reached target Timers.
Mar 3 03:17:43 marconi systemd[19230]: Reached target Sockets.
Mar 3 03:17:43 marconi systemd[19230]: Reached target Paths.
Mar 3 03:17:43 marconi systemd[19230]: Reached target Basic System.
Mar 3 03:17:43 marconi systemd[19230]: Reached target Default.
Mar 3 03:17:43 marconi systemd[19230]: Startup finished in 85ms.
Mar 3 03:17:43 marconi systemd[1]: Started User Manager for UID 0.
Mar 3 03:17:46 marconi systemd[1]: Stopping User Manager for UID 0...
Mar 3 03:17:46 marconi systemd[19230]: Stopped target Default.
Mar 3 03:17:46 marconi systemd[19230]: Reached target Shutdown.
Mar 3 03:17:46 marconi systemd[19230]: Starting Exit the Session...
Mar 3 03:17:46 marconi systemd[19230]: Stopped target Basic System.
Mar 3 03:17:46 marconi systemd[19230]: Stopped target Timers.
Mar 3 03:17:46 marconi systemd[19230]: Stopped target Sockets.
Mar 3 03:17:46 marconi systemd[19230]: Stopped target Paths.
Mar 3 03:17:46 marconi systemd[19230]: Received SIGRTMIN+24 from PID 19268 (kill).
Mar 3 03:17:46 marconi systemd[1]: Stopped User Manager for UID 0.
Mar 3 03:17:46 marconi systemd[1]: Removed slice User Slice of root.
Mar 3 03:17:47 marconi systemd[1]: Created slice User Slice of root.
Mar 3 03:17:47 marconi systemd[1]: Starting User Manager for UID 0...
Mar 3 03:17:48 marconi systemd[19275]: Reached target Sockets.
Mar 3 03:17:48 marconi systemd[19275]: Reached target Paths.
Mar 3 03:17:48 marconi systemd[19275]: Reached target Timers.
Mar 3 03:17:48 marconi systemd[19275]: Reached target Basic System.
Mar 3 03:17:48 marconi systemd[19275]: Reached target Default.
Mar 3 03:17:48 marconi systemd[19275]: Startup finished in 80ms.
Mar 3 03:17:48 marconi systemd[1]: Started User Manager for UID 0.
Mar 3 03:18:09 marconi systemd[1]: Stopping User Manager for UID 0...
Mar 3 03:18:09 marconi systemd[19275]: Stopped target Default.
Mar 3 03:18:09 marconi systemd[19275]: Stopped target Basic System.
Mar 3 03:18:09 marconi systemd[19275]: Stopped target Sockets.
Mar 3 03:18:09 marconi systemd[19275]: Stopped target Paths.
Mar 3 03:18:09 marconi systemd[19275]: Stopped target Timers.
Mar 3 03:18:09 marconi systemd[19275]: Reached target Shutdown.
Mar 3 03:18:09 marconi systemd[19275]: Starting Exit the Session...
Mar 3 03:18:09 marconi systemd[19275]: Received SIGRTMIN+24 from PID 19328 (kill).
Mar 3 03:18:09 marconi systemd[1]: Stopped User Manager for UID 0.
Mar 3 03:18:09 marconi systemd[1]: Removed slice User Slice of root.
Mar 3 00:02:36 marconi BACKUP: Automysqlbackup
Mar 3 00:02:37 marconi BACKUP: Daglig backup klar
Mar 3 00:00:01 marconi BACKUP: Startar daglig backup
Mar 3 00:00:01 marconi BACKUP: Hemkatalogerna
Mar 3 00:01:06 marconi BACKUP: Etc
Mar 3 00:01:09 marconi BACKUP: Prylarna i opt
Mar 3 00:01:26 marconi BACKUP: Webservern
Mar 3 12:57:42 nada sshd(pam_google_authenticator)[20838]: Failed to update secret file "/root/.google_authenticator"
Mar 3 18:03:34 marconi named[27570]: transfer of 'wahlberg.se/IN' from 66.23.226.92#53: Transfer status: success
Mar 3 21:19:31 marconi sshd[17576]: error: Received disconnect from 212.83.160.203 port 57458:3: com.jcraft.jsch.JSchException: Auth cancel [preauth]
Mar 4 07:38:01 nada sshd[15794]: input_userauth_request: invalid user [preauth]
Mar 4 09:14:31 nada sm-mta[25219]: v248EUKL025219: AUTH decode64 error [-5 for "Y2FzdG9yQHdhaGxiZXJnLnNlAGNhc3RvckB3YWhsYmVyZy5zZQBwb2tlbW9uDQ==\r"], relay=[156.67.106.207]
Mar 4 15:06:28 marconi named[27570]: client 113.240.250.154#43169: message parsing failed: bad compression pointer
Mar 4 16:21:01 marconi sudo: fredrik : TTY=unknown ; PWD=/home/fredrik ; USER=root ; COMMAND=/home/fredrik/bin/kdbx_backup.sh
Mar 4 18:46:37 marconi telldusd: message repeated 2 times: [ Execute a TellStick Action for device 4]
Mar 5 00:00:01 marconi sudo: fredrik : TTY=unknown ; PWD=/home/fredrik ; USER=root ; COMMAND=/home/fredrik/bin/kdbx_backup.sh
Mar 5 07:36:35 marconi nmbd[28262]: [2017/03/05 07:36:35.791823, 0] ../source3/nmbd/nmbd.c:169(nmbd_sig_hup_handler)
Mar 5 07:36:35 marconi nmbd[28262]: [2017/03/05 07:36:35.792332, 0] ../source3/nmbd/nmbd_workgroupdb.c:276(dump_workgroups)
Mar 5 07:36:35 marconi nmbd[28262]: [2017/03/05 07:36:35.792760, 0] ../source3/nmbd/nmbd_workgroupdb.c:276(dump_workgroups)
Mar 6 04:03:02 nada sshd[11959]: fatal: Write failed: Connection reset by peer [preauth]
Mar 6 22:43:34 nada sshd[4306]: Bad packet length 4081589265. [preauth]
Mar 6 22:43:34 nada sshd[4306]: Disconnecting: Packet corrupt [preauth]
Mar 6 23:47:37 nada sm-mta[11119]: v26MlObG011113: Fixed MIME Content-Type header field (possible attack)
Mar 8 03:17:11 nada sshd[23415]: Received disconnect from 91.195.103.166: 11: Client disconnecting normally [preauth]
Mar 7 19:37:07 nada sshd[9647]: Received disconnect from 91.195.103.173: 11: Client disconnecting normally [preauth]
Mar 8 07:31:45 nada sm-mta[16598]: v286VitB016598: AUTH decode64 error [-5 for "Y2FzdG9yAGNhc3RvcgBwb2tlbW9uDQ==\r"], relay=[156.67.106.207]
Mar 9 05:30:02 marconi backup[1895]: Startar backup av marconi
Mar 9 05:42:53 marconi sshd[6125]: fatal: Unable to negotiate with 84.241.42.101 port 61319: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
Mar 9 09:18:45 marconi backup[12320]: Jobbet avslutat och alla filer flyttade
Mar 9 15:08:55 marconi sshd[25800]: Received disconnect from 61.158.188.21 port 59944:11: ok [preauth]
Mar 9 15:22:40 marconi sshd[29305]: Received disconnect from 202.163.123.135 port 59164:11: ok [preauth]
OA
Mar 17 07:29:31 nada sshd[7692]: Received disconnect from 178.162.211.197: 13: User request [preauth]
Mar 17 11:32:29 nada sm-mta[775]: v2HAWQ2g000768: v2HAWT2f000775: DSN: Host unknown (Name server: hgadvokat.se: host not found)
Mar 17 09:44:38 marconi sshd[27920]: fatal: Unable to negotiate with 212.129.20.230 port 51562: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]
Mar 16 16:34:12 nada sshd[11591]: input_userauth_request: invalid user [preauth]
Mar 16 10:33:41 nada named[31321]: received control channel command 'reload happysthlm.se'
Mar 16 10:33:41 nada named[31321]: zone happysthlm.se/IN: loaded serial 2017031600
Mar 16 10:33:42 nada named[31321]: client 192.3.61.229#33639: transfer of 'happysthlm.se/IN': AXFR-style IXFR started
Mar 16 10:33:42 nada named[31321]: client 192.3.61.229#33639: transfer of 'happysthlm.se/IN': AXFR-style IXFR ended
Mar 16 11:47:51 nada named[31321]: client 46.162.117.83#39505: transfer of 'happysthlm.se/IN': AXFR-style IXFR started
Mar 16 11:47:51 nada named[31321]: client 46.162.117.83#39505: transfer of 'happysthlm.se/IN': AXFR-style IXFR ended
Mar 16 03:41:06 nada sm-mta[28708]: STARTTLS: write error=syscall error (-1), errno=32, get_error=error:00000000:lib(0):func(0):reason(0), retry=99, ssl_err=5
Mar 15 06:24:30 nada sm-mta[29141]: v2F5OSbF029141: AUTH decode64 error [-5 for "Y2FzdG9yAGNhc3RvcgBwb2tlbW9uDQ==\r"], relay=[156.67.106.207]
Mar 15 06:24:51 nada sm-mta[29155]: v2F5OoMX029155: AUTH decode64 error [-5 for "Y2FzdG9yAGNhc3RvcgBwb2tlbW9uDQ==\r"], relay=[156.67.106.207]
Mar 15 06:25:13 nada sm-mta[29160]: v2F5PClb029160: AUTH decode64 error [-5 for "Y2FzdG9yAGNhc3RvcgBwb2tlbW9uDQ==\r"], relay=[156.67.106.207]
Mar 15 06:25:35 nada sm-mta[29590]: v2F5PYa1029590: AUTH decode64 error [-5 for "Y2FzdG9yAGNhc3RvcgBwb2tlbW9uDQ==\r"], relay=[156.67.106.207]
Mar 20 06:54:52 nada sshd[7359]: input_userauth_request: invalid user [preauth]
Mar 20 04:00:44 nada sm-mta[21983]: v2K30iPx021983: [180.163.2.117]: probable open proxy: command=GET / HTTP/1.1\r\n
Mar 19 06:47:45 nada clamav-milter: ClamAV: mi_stop=1
Mar 19 04:36:45 marconi sshd[26598]: error: Received disconnect from 46.165.220.212 port 52999:13: User request [preauth]
Mar 19 00:00:01 marconi sudo: fredrik : TTY=unknown ; PWD=/home/fredrik ; USER=root ; COMMAND=/home/fredrik/bin/kdbx_backup.sh
Mar 25 05:53:41 marconi dhcpcd[2859]: enp4s0: adding route to 192.168.1.0/24
Mar 25 05:53:41 marconi dhcpcd[2859]: if_route (ADD): File exists
Mar 25 05:53:41 marconi dhcpcd[2859]: enp4s0: adding default route via 192.168.1.1
Mar 25 05:53:41 marconi dhcpcd[2859]: enp4s0: removing default route via 192.168.1.1
Mar 25 02:59:08 marconi dhclient[31370]: DHCPREQUEST of 192.168.1.118 on enp4s0 to 192.168.1.1 port 67 (xid=0x3d70f3bb)
Mar 24 01:42:10 nada sshd[31304]: input_userauth_request: invalid user [preauth]
Mar 23 19:07:02 nada sm-mta[20228]: v2NI71CW020228: rejecting commands from ec2-35-165-194-208.us-west-2.compute.amazonaws.com [35.165.194.208] due to pre-greeting traffic after 1 seconds
Mar 23 23:44:38 nada sm-mta[17761]: v2NMibVZ017761: rejecting commands from ecs-160-44-202-130.reverse.open-telekom-cloud.com [160.44.202.130] due to pre-greeting traffic after 1 seconds
Apr 2 16:50:49 nada sshd[1363]: Received disconnect from 58.218.199.145: 11: [preauth]
Apr 2 16:58:34 nada saslauthd[619]: do_auth : auth failure: [user=prueba] [service=smtp] [realm=] [mech=shadow] [reason=Invalid username]
Apr 2 19:08:45 nada saslauthd[604]: do_auth : auth failure: [user=backup] [service=smtp] [realm=] [mech=shadow] [reason=Incorrect password]
Apr 2 18:28:04 nada milter-greylist: DKIM failed: No signature
Apr 2 18:34:03 nada milter-greylist: DKIM failed: Unable to verify
Apr 2 18:36:37 nada milter-greylist: DKIM failed: Key retrieval failed
Apr 2 18:36:58 nada milter-greylist: DKIM failed: Invalid parameter
Apr 2 18:28:04 nada spamc[20324]: connect to spamd on ::1 failed, retrying (#1 of 3): Connection refused
Apr 2 18:28:04 nada spamd[12078]: spamd: connection from localhost.localdomain [127.0.0.1]:57662 to port 783, fd 5
Apr 2 18:28:06 nada spamd[12078]: dns: reply to 9869/IN/A/22211110.com truncated (EDNS 4096 bytes), 89 answer records
Apr 2 19:00:12 nada spamd[12078]: dns: reply to 38195/IN/A/22211110.com truncated (EDNS 4096 bytes), 89 answer records
Apr 2 18:36:44 nada sm-mta[21418]: v32GagN8021418: Milter: data, reject=451 4.3.2 Please try again later
Apr 2 18:34:46 nada HORDE: [horde] Login success for fredrik to horde (46.162.117.83) [pid 25921 on line 164 of "/usr/share/horde/login.php"]
Apr 2 18:34:47 nada HORDE: [imp] Login success for fredrik (46.162.117.83) to {imap://nada.wahlberg.se:993/} [pid 25921 on line 157 of "/usr/share/horde/imp/lib/Auth.php"]
Apr 2 19:31:34 nada HORDE: [kronolith] Failed to retrieve remote calendar: url = "https://calendar.google.com/calendar/ical/wahlis%40gmail.com/private-d6b56e71ef78fa437bcb4df46aaeebad/basic.ics", status = 28 [pid 25488 on line 593 of "/usr/share/horde/kronolith/lib/Driver/Ical.php"]
Apr 2 19:44:16 nada sshd[15909]: Disconnecting: Too many authentication failures for invalid user openvpn from 177.40.96.203 port 58746 ssh2 [preauth]
Apr 2 20:02:18 nada milter-greylist: DKIM failed: No key
Apr 2 19:45:30 nada spamd[12078]: spamd: result: Y 17 - BAYES_50,DATE_IN_PAST_96_XX,HTML_MESSAGE,MIMEOLE_DIRECT_TO_MX,MISSING_MID,PYZOR_CHECK,RCVD_IN_BRBL_LASTEXT,RCVD_IN_PBL,RCVD_IN_SBL_CSS,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,RDNS_NONE,URIBL_BLACK scantime=1.8,size=1914,user=spamass-milter,uid=111,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33068,mid=(unknown),bayes=0.499958,autolearn=no autolearn_force=no
Apr 2 19:49:28 nada spamd[12078]: spamd: result: Y 11 - BAYES_50,DATE_IN_FUTURE_24_48,MISSING_MID,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_BRBL_LASTEXT,SPF_HELO_SOFTFAIL,URIBL_DBL_SPAM,URIBL_SBL_A scantime=2.5,size=3208,user=spamass-milter,uid=111,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39030,mid=(unknown),bayes=0.508483,autolearn=no autolearn_force=no
Apr 2 20:17:48 nada HORDE: User is not authorized for imp [pid 21121 on line 324 of "/usr/share/php/Horde/Registry.php"]
Apr 2 20:37:14 nada spamd[12078]: dns: reply to 52792/IN/TXT/freemediainternet.com truncated (EDNS 4096 bytes), 2 answer records
Apr 2 21:13:53 nada spamd[12078]: dns: reply to 28509/IN/TXT/bronto.com truncated (EDNS 4096 bytes), 13 answer records
Apr 2 22:17:28 nada named[300]: managed-keys-zone: No DNSKEY RRSIGs found for '.': success
Apr 10 05:59:24 marconi named[7781]: validating formelracing.se/SOA: no valid signature found
Apr 10 05:59:24 marconi named[7781]: validating formelracing.se/A: no valid signature found
Apr 10 05:59:24 marconi named[7781]: validating cmqpg0nlq5bi4s4ucti6jj2avrd7mhtj.formelracing.se/NSEC3: no valid signature found
Apr 10 06:49:43 nada named[297]: automatic empty zone: 10.IN-ADDR.ARPA
Apr 10 06:49:43 nada named[297]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Apr 9 22:13:12 nada spamd[15599]: spamd: result: . 4 - BAYES_50,DATE_IN_FUTURE_96_Q,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,MISSING_MID,RP_MATCHES_RCVD,SPF_PASS scantime=2.6,size=11507,user=spamass-milter,uid=111,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=45326,mid=(unknown),bayes=0.485144,autolearn=no autolearn_force=no
Apr 11 00:55:11 nada spamd[13608]: dns: reply to 34774/IN/A/relayhi2.mysmtp.com truncated (EDNS 4096 bytes), 120 answer records
Apr 11 03:51:10 nada spamd[13608]: dns: reply to 64012/IN/A/relayhi2.mysmtp.com truncated (EDNS 4096 bytes), 120 answer records
Apr 11 03:51:10 nada spamd[13608]: dns: reply to 15832/IN/A/relayhi3.euro.email truncated (EDNS 4096 bytes), 34 answer records
Apr 11 06:47:59 nada systemd: pam_unix(systemd-user:session): session opened for user nobody by (uid=0)
Apr 11 06:47:59 nada systemd-logind[306]: Existing logind session ID 264242 used by new audit session, ignoring
Apr 11 06:47:59 nada systemd-logind[306]: New session c12 of user nobody.
Apr 11 06:47:59 nada systemd-logind[306]: Removed session c12.
Apr 11 06:48:04 nada systemd: pam_unix(systemd-user:session): session closed for user nobody
Apr 11 06:48:06 nada rndc[15568]: server reload successful
Apr 11 06:48:06 nada named[297]: all zones loaded
Apr 11 06:48:06 nada named[297]: running
Apr 10 18:55:12 nada spamd[22038]: dns: reply to 59370/IN/A/relayhi2.mysmtp.com truncated (EDNS 4096 bytes), 120 answer records
Apr 10 19:14:32 nada HORDE: User is not authorized for horde [pid 20920 on line 324 of "/usr/share/php/Horde/Registry.php"]
Apr 10 19:14:32 nada HORDE: User is not authorized for horde [pid 20920 on line 324 of "/usr/share/php/Horde/Registry.php"]
Apr 10 19:18:06 nada sendmail[17597]: v3AHI6dq017597: Authentication-Warning: nada.wahlberg.se: www-data set sender to katarina@happysthlm.se using -f
Apr 10 20:11:54 nada HORDE: User is not authorized for horde [pid 15446 on line 324 of "/usr/share/php/Horde/Registry.php"]
Apr 10 20:31:42 nada sendmail[24393]: v3AIVgPU024393: Authentication-Warning: nada.wahlberg.se: www-data set sender to katarina@happysthlm.se using -f
Apr 10 21:18:28 nada HORDE: User is not authorized for horde [pid 28010 on line 324 of "/usr/share/php/Horde/Registry.php"]
Apr 10 21:57:16 nada spamd[19842]: dns: reply to 60884/IN/A/relayhi2.mysmtp.com truncated (EDNS 4096 bytes), 120 answer records
Apr 10 21:57:16 nada spamd[19842]: dns: reply to 43885/IN/A/relayhi3.euro.email truncated (EDNS 4096 bytes), 34 answer records
Apr 11 10:58:01 nada systemd-logind[306]: New session c14 of user fredrik.
Apr 11 11:04:24 nada systemd-logind[306]: New session c15 of user fredrik.
Apr 11 17:47:56 nada milter-greylist: DKIM failed: Syntax error
Apr 11 23:02:34 nada milter-greylist: DKIM failed: Bad signature
Apr 13 16:22:06 nada named[296]: managed-keys-zone: Unable to fetch DNSKEY set 'dlv.isc.org': SERVFAIL
Apr 13 05:20:04 nada spamd[4701]: spamd: result: . -1 - ALL_TRUSTED,BAYES_00,MISSING_DATE,MISSING_MID scantime=2.4,size=697,user=spamass-milter,uid=111,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=59968,mid=(unknown),bayes=0.000000,autolearn=no autolearn_force=no
Apr 13 00:24:51 marconi named[7781]: DNS format error from 8.8.8.8#53 resolving slashdot.org/DS: Name . (SOA) not subdomain of zone org -- invalid response
Apr 12 14:10:54 nada sshd[15793]: error: Received disconnect from 37.229.184.255: 2: Handshake failed [preauth]
Apr 16 07:45:39 nada sshd[31491]: error: Received disconnect from 37.229.184.255: 2: Handshake failed [preauth]
Apr 13 09:47:05 marconi sshd[695]: error: Received disconnect from 37.229.184.255 port 61294:2: Handshake failed [preauth]
Apr 12 15:05:34 nada sm-mta[20644]: v3CD5WoV020644: [60.191.40.195]: probable open proxy: command=GET / HTTP/1.0\r\n
Apr 12 09:45:33 marconi org.gnome.evolution.dataserver.Sources5[25620]: ** (evolution-source-registry:26188): WARNING **: secret_service_search_sync: must specify at least one attribute to match
Apr 13 09:45:33 marconi org.gnome.evolution.dataserver.Sources5[25620]: ** (evolution-source-registry:26188): WARNING **: secret_service_search_sync: must specify at least one attribute to match
Apr 16 16:46:57 nada spamd[17910]: dns: reply to 27982/IN/TXT/micro-campus.com truncated (EDNS 4096 bytes), 1 answer records
Apr 16 00:00:02 marconi sudo: fredrik : TTY=unknown ; PWD=/home/fredrik ; USER=root ; COMMAND=/home/fredrik/bin/kdbx_backup.sh
Apr 14 13:41:44 nada spamd[3869]: spamd: result: . -2 - BAYES_00,DATE_IN_FUTURE_48_96,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FROM_EXCESS_BASE64,HTML_MESSAGE,MIME_HTML_ONLY,MISSING_MID,RCVD_IN_DNSWL_HI,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RP_MATCHES_RCVD,SPF_HELO_PASS scantime=2.1,size=34843,user=spamass-milter,uid=111,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=60296,mid=(unknown),bayes=0.000000,autolearn=ham autolearn_force=no
Apr 18 13:27:36 nada HORDE: [imp] Message sent to fram.art@comhem.se from katarina (213.112.4.122) [pid 12862 on line 964 of "/usr/share/horde/imp/lib/Compose.php"]
Apr 18 14:38:04 nada HORDE: [imp] Message sent to hello@happysthlm.se from katarina (213.112.4.122) [pid 1013 on line 964 of "/usr/share/horde/imp/lib/Compose.php"]
Apr 18 17:29:30 nada systemd-logind[305]: New session c36 of user petter.
Apr 18 17:29:30 nada systemd: pam_unix(systemd-user:session): session opened for user petter by (uid=0)
Apr 18 17:33:38 nada systemd: pam_unix(systemd-user:session): session closed for user petter
Apr 18 17:29:30 nada internal-sftp[9277]: session opened for local user petter from [212.16.177.66]
Apr 18 17:29:31 nada internal-sftp[9277]: opendir "/home/petter/www.lidberg.se/mazda/Old"
Apr 18 17:29:31 nada internal-sftp[9277]: closedir "/home/petter/www.lidberg.se/mazda/Old"
Apr 18 17:29:38 nada internal-sftp[9277]: open "/home/petter/www.lidberg.se/mazda/Old/demo.html" flags READ mode 0666
Apr 18 17:29:38 nada internal-sftp[9277]: close "/home/petter/www.lidberg.se/mazda/Old/demo.html" bytes read 3754 written 0
Apr 18 17:33:38 nada internal-sftp[9277]: session closed for local user petter from [212.16.177.66]
Apr 17 17:04:31 nada systemd-logind[305]: New session c24 of user petter.
Apr 17 17:04:31 nada systemd-logind[305]: New session c25 of user petter.
Apr 20 20:40:11 marconi named[11602]: client 125.64.94.201#52717: message parsing failed: bad label type
Apr 20 15:39:53 nada freshclam[302]: Downloading bytecode-293.cdiff [100%]
Apr 20 23:40:45 nada freshclam[302]: Downloading bytecode-294.cdiff [100%]
Apr 21 04:37:54 nada HORDE: [imp] PHP ERROR: Invalid argument supplied for foreach() [pid 7168 on line 96 of "/usr/share/horde/imp/lib/Factory/MailboxList.php"]
Apr 20 04:49:50 nada HORDE: [imp] PHP ERROR: Invalid argument supplied for foreach() [pid 27097 on line 96 of "/usr/share/horde/imp/lib/Factory/MailboxList.php"]
Apr 20 13:03:42 nada HORDE: [gollem] PHP ERROR: Invalid argument supplied for foreach() [pid 6356 on line 338 of "/usr/share/horde/gollem/lib/Auth.php"]
Apr 24 07:22:45 marconi hass[18805]: #033[32m17-04-24 07:22:45 INFO (MainThread) [homeassistant.components.automation] Executing Portvakten#033[0m
Apr 24 07:22:45 marconi hass[18805]: #033[32m17-04-24 07:22:45 INFO (MainThread) [homeassistant.helpers.script] Script Portvakten: Running script#033[0m
Apr 24 09:35:01 nada HORDE: [horde] User stiy logged out of Horde (80.251.192.97) [pid 6775 on line 107 of "/usr/share/horde/login.php"]
May 3 18:14:45 nada sshd[30553]: error: Received disconnect from 178.215.81.7: 14: No more user authentication methods available. [preauth]
Jun 21 16:00:42 marconi update_daemon2.php[27565]: [14:00:42/31191] Purged 0 orphaned posts.
Jun 21 16:00:42 marconi update_daemon2.php[27565]: [14:00:42/31191] Removed 0 (feeds) 0 (cats) orphaned counter cache entries.
Jun 21 16:00:43 marconi update_daemon2.php[27565]: [14:00:43/27565] [reap_children] child 31186 reaped.
Jun 21 16:00:43 marconi update_daemon2.php[27565]: [14:00:43/27565] [SIGCHLD] jobs left: 0
Jun 21 16:01:07 marconi update_daemon2.php[27565]: [14:01:07/27565] [MASTER] active jobs: 0, next spawn at 60 sec.
Aug 7 13:15:02 marconi mosquitto[31703]: mosquitto version 1.4.8 (build date Mon, 26 Jun 2017 09:31:02 +0100) starting
Aug 7 13:15:02 marconi mosquitto[31703]: Config loaded from /etc/mosquitto/mosquitto.conf.
Aug 7 13:15:02 marconi mosquitto[31703]: Opening ipv4 listen socket on port 1883.
Aug 7 13:15:02 marconi mosquitto[31703]: Opening ipv6 listen socket on port 1883.
Aug 7 13:15:03 marconi mosquitto[31703]: New connection from 192.168.1.118 on port 1883.
Aug 7 13:15:04 marconi mosquitto[31703]: New connection from 192.168.1.118 on port 1883.
Aug 7 13:15:04 marconi mosquitto[31703]: New client connected from 192.168.1.118 as home-assistant-1 (c1, k60).
Aug 7 13:15:34 marconi mosquitto[31703]: New connection from 82.196.161.66 on port 1883.
Aug 7 13:15:34 marconi mosquitto[31703]: Client fredrikmaximilian disconnected.
Aug 7 13:15:34 marconi mosquitto[31703]: New client connected from 82.196.161.66 as fredrikmaximilian (c0, k3600).
Aug 7 13:45:02 marconi mosquitto[31703]: Saving in-memory database to /var/lib/mosquitto/mosquitto.db.
Aug 21 23:05:12 marconi kernel: [701686.112239] sd 7:0:0:0: [sdd] tag#0
Aug 22 09:00:18 marconi kernel: [737391.088869] sd 7:0:0:0: [sdd] tag#0 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_SENSE
Aug 22 09:00:18 marconi kernel: [737391.088892] sd 7:0:0:0: [sdd] tag#0 Sense Key : Hardware Error [current] [descriptor]
Aug 22 09:00:18 marconi kernel: [737391.088904] sd 7:0:0:0: [sdd] tag#0 Add. Sense: No additional sense information
Aug 22 09:00:18 marconi kernel: [737391.088919] sd 7:0:0:0: [sdd] tag#0 CDB: ATA command pass through(16) 85 06 2c 00 00 00 00 00 00 00 00 00 00 00 e5 00
Sep 9 03:34:14 marconi root: /etc/dhcp/dhclient-enter-hooks.d/avahi-autoipd returned non-zero exit status 1
Sep 9 03:34:14 marconi smbd[2261]: * Reloading /etc/samba/smb.conf smbd
Sep 9 03:34:14 marconi smbd[2261]: ...done.
Sep 9 06:55:41 marconi sshd[11486]: Invalid user 0101 from 91.197.232.109
Sep 9 06:55:41 marconi sshd[11486]: input_userauth_request: invalid user 0101 [preauth]
Sep 9 10:56:11 marconi sshd[2798]: fatal: Unable to negotiate with 54.156.158.234 port 41078: no matching host key type found. Their offer: ecdsa-sha2-nistp384 [preauth]
Sep 9 10:56:12 marconi sshd[2802]: fatal: Unable to negotiate with 54.156.158.234 port 41330: no matching host key type found. Their offer: ecdsa-sha2-nistp521 [preauth]
Sep 9 10:56:14 marconi sshd[2816]: fatal: Unable to negotiate with 54.156.158.234 port 42036: no matching host key type found. Their offer: ssh-dss [preauth]
Sep 10 07:35:57 marconi freeradius[3649]: * Reloading FreeRADIUS daemon freeradius
Sep 10 07:35:58 marconi freeradius[3649]: ...done.
Sep 12 10:27:41 nada sm-mta[4522]: STARTTLS: read error=syscall error (-1), errno=104, get_error=error:00000000:lib(0):func(0):reason(0), retry=1, ssl_err=5
Sep 8 20:49:21 nada sm-mta[14243]: STARTTLS: read error=syscall error (-1), errno=110, get_error=error:00000000:lib(0):func(0):reason(0), retry=1, ssl_err=5
Sep 11 00:02:05 cocacola sm-mta[4678]: STARTTLS=client, relay=mail.wahlberg.se., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Sep 11 11:32:09 cocacola sshd[5924]: Received disconnect from 5.189.139.2: 11: Normal Shutdown, Thank you for playing [preauth]
Sep 8 13:32:49 marconi sshd[20127]: Received disconnect from 103.27.239.143 port 40512:11: Normal Shutdown, Thank you for playing [preauth]
Sep 12 00:02:08 cocacola sm-mta[8158]: STARTTLS=client, relay=mail.wahlberg.se., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Nov 2 07:25:58 marconi sshd[22932]: Connection closed by invalid user foo 175.6.27.49 port 6920 [preauth]
Nov 2 07:34:03 marconi sshd[25979]: ssh_dispatch_run_fatal: Connection from 170.250.140.52 port 45852: DH GEX group out of range [preauth]
Nov 2 07:34:15 marconi sshd[26033]: Did not receive identification string from 163.172.136.101 port 37627
Nov 2 07:48:30 marconi sshd[30673]: Did not receive identification string from 121.156.90.110 port 44398
Nov 2 07:49:45 marconi sshd[30998]: Disconnecting authenticating user root 180.130.191.9 port 45306: Too many authentication failures [preauth]
Nov 2 07:59:27 marconi sshd[1655]: Disconnected from invalid user admin 121.156.90.110 port 46078 [preauth]
Nov 2 08:01:51 marconi sshd[3848]: Disconnected from authenticating user root 121.18.238.123 port 47854 [preauth]
Nov 2 11:03:21 marconi sshd[15313]: Disconnecting authenticating user root 72.1.255.192 port 56702: Too many authentication failures [preauth]
Nov 2 11:03:25 marconi sshd[15340]: Did not receive identification string from 212.83.136.85 port 63067
Nov 2 11:03:44 marconi sshd[15390]: Did not receive identification string from 212.83.136.85 port 49903
Nov 2 11:48:29 marconi sshd[30727]: Did not receive identification string from 97.79.239.20 port 43399
Nov 2 11:03:28 marconi sshd[15354]: Disconnected from invalid user admin 212.83.136.85 port 62912 [preauth]
Nov 2 11:05:41 marconi sshd[16346]: Disconnected from authenticating user root 121.18.238.119 port 47256 [preauth]
Nov 2 11:55:07 marconi sshd[32705]: Disconnected from authenticating user root 221.194.47.221 port 40633 [preauth]
Nov 2 11:19:59 marconi sshd[20563]: Connection closed by authenticating user root 58.214.22.74 port 6920 [preauth]
Nov 2 11:28:15 marconi sshd[23379]: Connection closed by invalid user admin 218.206.69.40 port 2049 [preauth]
Nov 2 11:29:01 marconi sshd[23537]: Connection closed by invalid user test 106.247.228.75 port 6920 [preauth]
Nov 2 11:55:16 marconi sshd[496]: Connection closed by authenticating user root 112.29.245.145 port 2049 [preauth]
Nov 2 13:11:27 marconi sshd[31688]: Disconnecting invalid user admin 114.97.151.158 port 40382: Too many authentication failures [preauth]
Nov 2 13:26:23 marconi sshd[4249]: Disconnected from user fredrik 66.23.226.92 port 38190
Nov 2 13:28:15 marconi sshd[5020]: Disconnected from user fredrik 66.23.226.92 port 39248
Nov 7 09:58:47 nada freshclam[304]: WARNING: DNS record is older than 3 hours.
Nov 7 09:58:47 nada freshclam[304]: WARNING: Invalid DNS reply. Falling back to HTTP mode.
Nov 7 09:58:48 nada freshclam[304]: Reading CVD header (main.cvd): OK (IMS)
Nov 7 09:58:48 nada freshclam[304]: Reading CVD header (daily.cvd): OK
Nov 7 09:58:49 nada freshclam[304]: Reading CVD header (bytecode.cvd): OK
Nov 7 10:35:56 marconi 50-motd-news[31369]: * Ubuntu 17.10 releases with Gnome, Kubernetes 1.8, and minimal
Nov 7 10:35:56 marconi 50-motd-news[31369]: base images
Nov 7 10:35:56 marconi 50-motd-news[31369]: - https://ubu.one/u1710
Nov 7 10:50:46 marconi sshd[3881]: Unable to negotiate with 173.255.227.186 port 51816: no matching host key type found. Their offer: ssh-dss [preauth]
Nov 13 06:05:46 marconi nmbd[5134]: Packet send failed to 172.18.255.255(138) ERRNO=Ogiltigt argument
Nov 13 10:02:01 marconi sshd[675]: Connection reset by authenticating user root 27.148.158.148 port 3403 [preauth]
Nov 14 08:21:59 marconi systemd-resolved[24610]: Positive Trust Anchors:
Nov 14 08:21:59 marconi systemd-resolved[24610]: . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
Nov 14 08:21:59 marconi systemd-resolved[24610]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Nov 14 08:21:59 marconi systemd-resolved[24610]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa corp home internal intranet lan local private test
Nov 14 08:21:59 marconi systemd-resolved[24610]: Using system hostname 'marconi'.
Nov 16 12:17:46 marconi sshd[32197]: Invalid user cloud-user from 115.47.122.242 port 6920
Nov 16 12:17:47 marconi sshd[32197]: Connection closed by invalid user cloud-user 115.47.122.242 port 6920 [preauth]
Nov 30 06:02:55 marconi sshd[23738]: error: Received disconnect from 103.99.0.207 port 63247:14: No more user authentication methods available. [preauth]
Feb 5 13:02:12 nada milter-greylist: ignoring message beyond maxpeek = 0
Feb 5 13:07:56 nada milter-greylist: ignoring message beyond maxpeek = 0
Feb 5 05:36:40 marconi sshd[12309]: Unable to negotiate with 36.255.159.233 port 65061: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes256-cbc,aes192-cbc [preauth]
Feb 5 07:17:24 marconi sshd[31872]: Connection closed by invalid user sap_user 47.205.250.5 port 33272 [preauth]
Feb 5 14:59:07 marconi sshd[21801]: Connection closed by invalid user 0101 5.188.10.179 port 60847 [preauth]
Feb 6 02:20:14 nada saslauthd[610]: do_auth : auth failure: [user=Adm1n!] [service=smtp] [realm=#] [mech=shadow] [reason=Invalid username]
Mar 10 00:04:24 marconi platform[16851]: [2018/03/10 00:04:24 CET] [INFO] Incoming webhook received. Content={"text": "Daglig backup klar
Mar 10 00:04:24 marconi platform[16851]: Daglig backup klar"}
Mar 9 00:02:06 cocacola sm-mta[30768]: STARTTLS=client, relay=mail.wahlberg.se., version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Mar 9 05:03:24 cocacola sshd[31876]: Unable to negotiate with 81.3.154.136 port 49595: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes256-cbc,aes192-cbc [preauth]
Mar 9 22:51:13 cocacola sshd[1575]: Invalid user from 139.162.122.110 port 47280
Mar 9 23:47:14 nada freshclam[31063]: WARNING: Your ClamAV installation is OUTDATED!
Mar 9 23:47:14 nada freshclam[31063]: WARNING: Local version: 0.99.3 Recommended version: 0.99.4
Mar 9 23:47:14 nada freshclam[31063]: DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
Mar 9 06:51:00 nada spamd[29947]: spamd: server socket closed, type IO::Socket::IP
Mar 9 06:51:00 nada spamassassin.pid --create-prefs --max-children 5 --helper-home-dir --user-config: spamd: restarting using '/usr/sbin/spamd -d --pidfile=/var/run/spamassassin.pid --create-prefs --max-children 5 --helper-home-dir --user-config'
Mar 9 06:51:02 nada spamd[31055]: zoom: able to use 345/345 'body_0' compiled rules (100%)
Mar 9 06:51:04 nada spamd[31055]: spamd: server started on IO::Socket::IP [127.0.0.1]:783 (running version 3.4.0)
Apr 7 17:14:40 marconi sshd[7328]: Disconnected from invalid user ftp_user 91.121.77.149 port 34669 [preauth]
Apr 7 16:23:06 marconi sshd[28989]: Disconnected from invalid user wp-user 188.166.216.84 port 59622 [preauth]
Aug 4 06:09:58 nada urbackupclientbackend[27338]: ERROR: Token id for user "dkim-milter-python" not found
Aug 4 06:09:58 nada urbackupclientbackend[27338]: ERROR: Token id for group "daemon" not found
Aug 4 06:10:06 nada urbackupclientbackend[27338]: ERROR: Creating shadowcopy of "bind" failed.
Aug 4 06:10:07 nada urbackupclientbackend[27338]: ERROR: Error stating file "/var/www/html/WebCalendar-1.0.0/webcalendar" to get file tokens. Errno: 40
Nov 13 07:54:09 nada spamd[12307]: zoom: able to use 343/343 'body_0' compiled rules (100%)
Nov 13 08:50:17 nada urbackupclientbackend[27338]: ERROR: Error getting file type of /home/fredrik/Maildir/.Administrator/new/1542093981.12828_1.nada
Nov 13 08:51:01 nada urbackupclientbackend[27338]: ERROR: Error getting file type of /home/katarina/Maildir/new/1542092429.12402_0.nada
Nov 16 07:08:09 nada spamd[15284]: util: setuid: ruid=111 euid=111 rgid=65534 65534 egid=65534 65534
Nov 16 07:08:39 nada spamd[20266]: spamd: connection from 127.0.0.1 [127.0.0.1]:49978 to port 783, fd 5
Mar 7 21:39:47 nada auth: pam_krb5(dovecot:auth): authentication failure; logname=jras_81 uid=0 euid=0 tty=dovecot ruser=jras_81 rhost=177.101.130.43
Mar 18 12:52:26 nada dovecot: imap: Connection closed in=172 out=1287
Mar 18 09:58:06 nada dovecot: imap(hans): Disconnected: Disconnected in APPEND (1 msgs, 0 secs, 0/170611 bytes) in=198 out=871
Sep 14 02:16:29 nada opendkim[21955]: x8E0GOqX026235: mta15.achatdesoffres.be [149.202.159.102] not internal
Sep 14 02:20:37 nada opendkim[21955]: x8E0KXlB026281: [194.36.142.89] [194.36.142.89] not internal
Sep 14 02:16:29 nada opendkim[21955]: x8E0GOqX026235: not authenticated
Sep 14 02:16:32 nada opendkim[21955]: x8E0GOqX026235: s=default d=achatdesoffres.be SSL
Sep 14 02:16:32 nada sm-mta[26235]: x8E0GOqX026235: Milter insert (1): header: Authentication-Results: nada.wahlberg.se; dkim=pass\n\treason="1024-bit key; unprotected key"\n\theader.d=achatdesoffres.be header.i=@achatdesoffres.be\n\theader.b=IesLqRjT; dkim-adsp=pass; dkim-atps=neutral
Sep 14 10:10:49 nada opendkim[21955]: x8E8AjNd008607: no signature data
Sep 14 11:30:22 nada opendkim[21955]: x8E9UENg009655: failed to parse Authentication-Results: header field
Sep 14 11:30:25 nada opendkim[21955]: x8E9UENg009655: s=selector2-synsam-onmicrosoft-com d=synsam.onmicrosoft.com SSL
Sep 14 13:12:07 nada opendkim[21955]: x8EBC3io011931: s=d2048-201806-01 d=linkedin.com SSL
Sep 14 09:09:27 nada opendkim[21955]: x8E79KnS021433: message has signatures from duolingo.com, amazonses.com
Sep 14 13:12:07 nada opendkim[21955]: x8EBC3io011931: message has signatures from linkedin.com, maile.linkedin.com
Sep 14 13:47:35 nada opendkim[21955]: x8EBlUbo012372: message has signatures from dezeen.com, cmail2.com
Sep 14 14:49:02 nada opendkim[21955]: x8ECmqeD013147: key retrieval failed (s=s1, d=autopay.io): 's1._domainkey.autopay.io' query timed out
Sep 14 09:11:10 nada sm-mta[25556]: x8E7B7XB025556: Milter insert (1): header: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wahlberg.se; s=nada;\n\tt=1568445070; bh=3dNdeUXHIFaesMqctWAFinzRgsJL9TSbDLvCewPx0AA=;\n\th=Date:From:To:Subject:From;\n\tb=gIqORWzv4XZxTmqEizczws8QzvxSupA5mV7t6zhCAFIa8jU4PsrRLKilbNiJ6mBKM\n\t uPWMejDXtm4II2RHbYU72Hcr4vDTTZ8aWOSMj2dHZkwNJPLk26G2ixyDoiksukjdCa\n\t VermS/GC+QEDNO25OmDzZgRqteI0LcQT+cDubjGs=
Sep 14 09:11:13 nada sm-mta[25565]: x8E7BAwe025565: Milter insert (1): header: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wahlberg.se; s=nada;\n\tt=1568445073; bh=Vn+jDXhWi4SpjBLMXfn5MlTvLdSQh+QWMlc8Z9pmuE8=;\n\th=Date:From:To:Subject:From;\n\tb=lHGM6jQWF9rnmhMuIw1Y3ct8X+T7B/CJNuvuMIzJVJWpR6PTMk+gRbu2vGPco0tXi\n\t vL1jYwP2GiqZalfLLyzt4j3o2Sn9Aligb5rHUcYU7lTKNkQZ5eGQouzOMi2CKU0ZPf\n\t OFL7q8Bs2xGzMV9JjDV8QiD4vxRvkgdIPi/2Q1Vw=
Sep 14 12:11:07 nada sm-mta[11236]: x8EAB551011236: Milter insert (1): header: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wahlberg.se; s=nada;\n\tt=1568455867; bh=GIY8aU09T6APltncQro8PoBjOa1v1kjLwTUxODMDLyA=;\n\th=Date:From:To:Subject:From;\n\tb=YU2/l0yia25vJ6cUZTOm7JeHsl5iQQHzrBpsFcexo9lTNyANc7Em9m7UDuleMdcnj\n\t rrMyDym9DL1wDGFuvPtifKf88m2jLW5aH7MzOYSxt1/h5kStQhFzQlGEhnPV9UN0pL\n\t AFaV9+Uo0AzHtOvLJGRqT4F9C7SSLkEOaoHw9hX0=
Sep 15 13:25:02 nada opendkim[21955]: x8FBOtch014266: failed to parse authentication-results: header field
Sep 15 09:59:26 nada opendkim[21955]: x8F7xMhM010212: bad signature data
Oct 29 09:03:40 nada spamd[11605]: spamd: connection from ::1 [::1]:33100 to port 783, fd 5
Nov 20 09:20:12 nada opendkim[504]: xAK8K5B8032017: no signing table match for 'gregory@mc-cabe.com'
Dec 19 17:32:19 nada named[5082]: managed-keys-zone: Active key unexpectedly missing from dlv.isc.org
Oct 25 16:09:06 nada sendmail[6185]: STARTTLS=client: file /etc/letsencrypt/live/wahlberg.se-0005/cert.pem unsafe: Permission denied
Oct 25 16:09:06 nada sendmail[6185]: STARTTLS=client: file /etc/letsencrypt/live/wahlberg.se-0005/privkey.pem unsafe: Permission denied
Oct 25 16:09:06 nada sendmail[6185]: STARTTLS=client: file /etc/letsencrypt/live/wahlberg.se-0005/chain.pem unsafe: Permission denied
Oct 25 16:09:06 nada sendmail[6185]: STARTTLS=client, error: load verify locs /etc/letsencrypt/live/wahlberg.se, /etc/letsencrypt/live/wahlberg.se-0005/chain.pem failed: 0
Oct 25 16:09:06 nada sendmail[6185]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Oct 25 16:09:07 nada dovecot: imap(cali)<6187><VJ9j5y3PLGtU2IAZ>: Connection closed (LIST finished 0.681 secs ago) in=50 out=4627 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Oct 25 16:09:11 nada dovecot: imap(cali)<6191><0YeK5y3POWtU2IAZ>: Connection closed (UID FETCH finished 0.414 secs ago) in=2469 out=29554 deleted=0 expunged=0 trashed=0 hdr_count=1 hdr_bytes=815 body_count=1 body_bytes=10219
Oct 25 16:09:13 nada dovecot: imap(cali)<6202><AQ2/5y3PR2tU2IAZ>: Connection closed (UID FETCH finished 0.248 secs ago) in=1645 out=14821 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Oct 25 16:11:22 nada dovecot: imap(birgitta)<6227><UsN17y3PIZmwCoeK>: Connection closed (LIST finished 0.267 secs ago) in=50 out=1686 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Oct 25 16:11:25 nada dovecot: imap(birgitta)<6229><hy6R7y3PIpmwCoeK>: Connection closed (UID FETCH finished 0.651 secs ago) in=2167 out=75936 deleted=0 expunged=0 trashed=0 hdr_count=1 hdr_bytes=371 body_count=1 body_bytes=59017
Oct 25 16:11:28 nada dovecot: imap(birgitta)<6231><EUrG7y3PI5mwCoeK>: Connection closed (UID FETCH finished 0.308 secs ago) in=1343 out=13798 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Oct 25 16:12:03 nada dovecot: imap(birgitta)<6234><FIzn8S3PJ5mwCoeK>: Connection closed (LIST finished 0.427 secs ago) in=50 out=1686 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Oct 25 16:12:05 nada dovecot: imap(birgitta)<6236><V/gC8i3PKJmwCoeK>: Connection closed (UID FETCH finished 0.295 secs ago) in=1906 out=15850 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Oct 25 16:12:08 nada dovecot: imap(birgitta)<6238><HrMj8i3PKZmwCoeK>: Connection closed (UID FETCH finished 0.351 secs ago) in=1343 out=13806 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Oct 25 16:12:10 nada auth: pam_krb5(dovecot:auth): authentication failure; logname=fredrik uid=0 euid=0 tty=dovecot ruser=fredrik rhost=46.59.26.111
Oct 25 16:13:00 nada dovecot: imap(fredrik)<6240><99Nk8i3P18suOxpv>: Logged out in=2119 out=386189 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=1 body_bytes=26072
Oct 26 08:00:43 nada opendkim[452]: 19Q60b6K009441: s=smtpapi d=sendgrid.net a=rsa-sha256 SSL
Oct 26 08:00:58 nada opendkim[452]: 19Q60oUL009449: s=s1 d=alloffice.se a=rsa-sha256 SSL
Oct 26 08:02:39 nada opendkim[452]: 19Q62XN9009466: s=dk d=s6.csa2.acemsa2.com a=rsa-sha256 SSL
Oct 26 08:03:24 nada opendkim[452]: 19Q63GTn009473: s=neolane d=email.hm.com a=rsa-sha256 SSL
Oct 26 08:05:29 nada opendkim[452]: 19Q65Jlq009498: s=bedrock d=lrfsamkop.se a=rsa-sha1 SSL
Oct 26 08:07:42 nada opendkim[452]: 19Q67at9009525: s=key1 d=s8.uwentos.ru a=rsa-sha1 SSL
Feb 6 00:50:43 nada opendkim[11209]: 215Nodvf000505: syntax error: missing parameter(s) in signature data
Feb 6 01:00:04 nada named[2607]: client @0xf25c9754 46.21.104.9#50736: received notify for zone 'thulin.info'
Feb 6 01:00:04 nada named[2607]: client @0xf25d1ea4 46.21.104.9#50736: received notify for zone 'lidberg.se'
Feb 6 03:22:50 nada opendkim[11209]: 2162MlIG003947: syntax error: missing parameter(s) in signature data
Feb 6 03:33:13 nada opendkim[11209]: 2162XAh3004159: syntax error: missing parameter(s) in signature data
Feb 6 05:49:41 nada opendkim[11209]: 2164nbMA007755: syntax error: missing parameter(s) in signature data
Feb 5 21:24:45 nada named[2607]: managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
Feb 5 10:57:24 nada sshd[10567]: error: kex_exchange_identification: banner line contains invalid characters
Feb 5 10:57:24 nada sshd[10567]: banner exchange: Connection from 164.52.24.164 port 40043: invalid format
Feb 5 10:57:28 nada sshd[10568]: error: kex protocol error: type 30 seq 1 [preauth]
Feb 4 12:47:13 nada sshd[8428]: error: kex_exchange_identification: client sent invalid protocol identifier "0"
Feb 5 12:34:09 nada opendkim[11209]: 215BY3W7014029: can't parse From: header value ' Administrator'
Feb 4 21:20:45 nada opendkim[11209]: 214KKdrR021463: syntax error: missing parameter(s) in signature data
Feb 2 03:18:13 nada sshd[22960]: Connection reset by invalid user admin 61.74.183.79 port 61300 [preauth]
Feb 2 04:36:04 nada sshd[25211]: Connection reset by invalid user default 220.80.142.228 port 60384 [preauth]
Feb 2 06:03:18 nada sshd[27153]: Connection reset by invalid user pi 175.196.231.248 port 53934 [preauth]
Feb 1 22:21:52 nada sm-mta[12010]: STARTTLS=client, relay=mx.ilait.se., version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Feb 1 14:50:24 nada sm-mta[31372]: STARTTLS=client, relay=mail2.ahrenbecks.se., version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Feb 1 14:52:25 nada sshd[31488]: Connection reset by invalid user admin 220.133.144.131 port 53363 [preauth]
Feb 1 15:03:04 nada sm-mta[31865]: STARTTLS=client, relay=mx2.pub.mailpod2-cph3.one.com., version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Feb 1 17:36:00 nada sshd[11797]: error: beginning MaxStartups throttling
Feb 1 17:36:00 nada sshd[11797]: drop connection #8 from [185.187.169.16]:43156 on [66.23.226.92]:22 past MaxStartups
Feb 1 17:38:06 nada sshd[11797]: exited MaxStartups throttling after 00:02:06, 21 connections dropped
Feb 2 06:21:16 nada sshd[11797]: error: beginning MaxStartups throttling
Feb 2 06:21:16 nada sshd[11797]: drop connection #6 from [8.142.110.165]:42344 on [66.23.226.92]:22 past MaxStartups
Feb 2 06:23:53 nada sshd[11797]: exited MaxStartups throttling after 00:02:39, 3 connections dropped
Feb 2 06:27:17 nada sshd[29129]: Connection reset by invalid user sFTPUser 121.138.91.29 port 62397 [preauth]
Feb 2 06:33:53 nada sshd[29299]: Connection reset by invalid user dnsekakf2$$ 115.23.139.186 port 52621 [preauth]
Feb 2 06:55:20 nada runuser: pam_unix(runuser:session): session opened for user debian-spamd(uid=119) by (uid=0)
Feb 2 06:55:20 nada runuser: pam_unix(runuser:session): session closed for user debian-spamd
Feb 2 06:55:41 nada spamd: spamd: restarting using '/usr/sbin/spamd -d --pidfile=/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir --user-config'
Feb 2 06:55:44 nada spamd[30099]: util: setuid: ruid=0 euid=0 rgid=0 egid=0
Feb 2 06:55:44 nada spamd[30095]: spamd: server started on IO::Socket::IP [127.0.0.1]:783 (running version 3.4.6)
Feb 2 07:12:52 nada sshd[30636]: Connection reset by invalid user zyfwp 180.56.184.5 port 34852 [preauth]
Feb 2 07:28:55 nada sshd[31081]: Connection reset by invalid user pi 121.141.32.164 port 34881 [preauth]
Feb 2 07:35:27 nada sshd[31310]: Connection reset by invalid user admin 220.118.225.128 port 37353 [preauth]
Feb 2 09:40:32 nada sshd[2620]: Connection reset by invalid user admin 222.119.163.32 port 63680 [preauth]
Feb 2 09:45:58 nada sm-mta[2775]: STARTTLS=client, relay=edu-stockholm-se.mail.protection.outlook.com., version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Feb 2 09:45:59 nada sm-mta[2775]: STARTTLS=client, relay=gmail-smtp-in.l.google.com., version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Feb 2 11:13:00 nada sshd[8118]: Connection reset by invalid user telnet 210.179.113.202 port 34533 [preauth]
Feb 3 06:44:29 nada runuser: pam_unix(runuser:session): session opened for user debian-spamd(uid=119) by (uid=0)
Feb 3 06:44:29 nada runuser: pam_unix(runuser:session): session closed for user debian-spamd
Feb 2 13:35:21 nada sshd[13048]: ssh_dispatch_run_fatal: Connection from 69.112.204.55 port 37348: Connection corrupted [preauth]
Feb 2 22:47:21 nada sshd[21634]: ssh_dispatch_run_fatal: Connection from 70.114.119.116 port 39346: Connection corrupted [preauth]
Jan 31 05:32:36 nada sshd[30890]: ssh_dispatch_run_fatal: Connection from 121.157.157.209 port 63506: message authentication code incorrect [preauth]
Feb 2 14:16:36 nada named[11745]: _default: sending trust-anchor-telemetry query '_ta-4f66/NULL'
Feb 5 01:04:52 nada sshd[26681]: fatal: userauth_pubkey: parse request failed: incomplete message [preauth]
Feb 5 01:55:57 nada sshd[27887]: error: maximum authentication attempts exceeded for invalid user ec2-user from 183.107.58.230 port 63999 ssh2 [preauth]
Feb 5 01:55:57 nada sshd[27887]: Disconnecting invalid user ec2-user 183.107.58.230 port 63999: Too many authentication failures [preauth]
Feb 11 23:15:56 nada sshd[24603]: Connection reset by invalid user ec2-user 59.27.78.36 port 61591 [preauth]
Feb 20 17:01:46 nada sshd[32112]: Received disconnect from 82.183.31.32 port 49498:11: cleanup
Dec 2 12:09:09 nada named[256]: client @0xf25d0a70 127.0.0.1#33754 (mail._domainkey.ahrenbecks.se): query failed (failure) for mail._domainkey.ahrenbecks.se/IN/A at query.c:7465
Dec 2 12:09:09 nada named[256]: validating shsye.org/NS: no valid signature found
Dec 2 12:09:09 nada named[256]: validating 20150901._domainkey.smgrid.com/NSEC: no valid signature found
Dec 2 17:53:41 nada sendmail[6529]: gethostbyaddr(172.17.0.1) failed: 1
Dec 1 18:09:32 nada named[256]: checkhints: b.root-servers.net/A (170.247.170.2) missing from hints
Dec 1 00:38:25 nada named[256]: checkhints: l.root-servers.net/AAAA (2001:500:3::42) extra record in hints
Jan 20 06:09:13 nada named[256]: skipping nameserver 'ns2.seotraininghut.com' because it is a CNAME, while resolving 'root._domainkey.bbchempack.com/A'
Jan 20 06:49:10 nada named[256]: client @0xf1e2aeb0 155.4.86.220#37125/key fredrik.wahlberg.se: signer "fredrik.wahlberg.se" approved
Jan 20 06:49:10 nada named[256]: client @0xf1e2aeb0 155.4.86.220#37125/key fredrik.wahlberg.se: updating zone 'wahlberg.se/IN': deleting rrset at 'casanegra.wahlberg.se' A
Jan 20 06:49:10 nada named[256]: client @0xf1e2aeb0 155.4.86.220#37125/key fredrik.wahlberg.se: updating zone 'wahlberg.se/IN': adding an RR at 'casanegra.wahlberg.se' A 155.4.86.220
Jan 20 08:06:05 nada dbus-daemon[240]: [system] Reloaded configuration
Jan 20 19:12:46 nada named[256]: client @0xf20be340 45.148.10.241#23353 (e\003co): query failed (REFUSED) for e\003co/IN/ANY at query.c:5560
Jan 21 09:45:23 nada sshd[14807]: error: kex_protocol_error: type 20 seq 2 [preauth]
Mar 27 21:52:08 nada sshd[31920]: Received disconnect from 212.70.149.150 port 19201:11: Bye [preauth]
Mar 27 23:07:45 nada sshd[951]: Received disconnect from 212.70.149.150 port 36664:11: Bye [preauth]
Mar 31 08:57:09 nada sshd[32339]: Received disconnect from 185.224.128.34 port 38898:11: end [preauth]
Mar 31 19:21:30 nada sshd[18955]: Disconnected from invalid user 212.70.149.150 port 27437 [preauth]
Mar 31 20:28:36 nada sshd[21092]: Disconnected from invalid user 212.70.149.150 port 28708 [preauth]
Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem...
Aug 23 18:39:24 nada fredrik[1713]: Sista raden
Reference in New Issue View Git Blame Copy Permalink