Hello,
My French isn't very good… but I'll try, because I have a problem with my server.
I installed YunoHost yesterday, with one user (YHUSER) and the Transmission program.
But the internet connection was cut off at 3:00.
Is it possible that my server was used for sending spam mail?
There are connection attempts in the log (mail.log):
Feb 8 19:44:48 MYSERVER postfix/smtpd[24246]: connect from wsip-24-234-54-82.lv.lv.cox.net[24.234.54.82]
Feb 8 19:44:49 MYSERVER postfix/smtpd[24246]: disconnect from wsip-24-234-54-82.lv.lv.cox.net[24.234.54.82]
Feb 8 19:45:37 MYSERVER postfix/master[14149]: terminating on signal 15
Feb 8 19:45:38 MYSERVER postfix/master[25578]: daemon started -- version 2.11.3, configuration /etc/postfix
Feb 8 19:45:38 MYSERVER dovecot: master: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)
...
Feb 8 23:48:13 MYSERVER rmilter[26724]: <f7b3229704>; accepted connection from MYDOMAIN.LTD; client: 113.64.235.50:2375 ([113.64.235.50])
Feb 8 23:48:15 MYSERVER postfix/smtpd[29132]: warning: Illegal address syntax from unknown[113.64.235.50] in MAIL command: xo@ore.net
Feb 8 23:48:15 MYSERVER postfix/smtpd[29132]: lost connection after MAIL from unknown[113.64.235.50]
Feb 8 23:48:15 MYSERVER postfix/smtpd[29132]: disconnect from unknown[113.64.235.50]
Feb 8 23:48:16 MYSERVER postfix/smtpd[29132]: connect from unknown[113.64.235.50]
Feb 8 23:48:16 MYSERVER rmilter[26724]: <0d1e40c3d8>; accepted connection from MYDOMAIN.LTD; client: 113.64.235.50:3400 ([113.64.235.50])
Feb 8 23:48:18 MYSERVER postfix/smtpd[29132]: lost connection after AUTH from unknown[113.64.235.50]
Feb 8 23:48:18 MYSERVER postfix/smtpd[29132]: disconnect from unknown[113.64.235.50]
Feb 8 23:48:18 MYSERVER postfix/smtpd[29132]: connect from unknown[113.64.235.50]
(mail.warn)
Feb 8 19:58:19 MYSERVER dovecot: log: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)
Feb 8 23:48:15 MYSERVER postfix/smtpd[29132]: warning: Illegal address syntax from unknown[113.64.235.50] in MAIL command: xo@ore.net
Is it normal for a YHUSER to run as root? (auth.log)
Feb 8 19:57:45 MYSERVER sudo: admin : TTY=unknown ; PWD=/var/cache/yunohost/from_file/transmission_ynh-53248789250980/scrip$
Feb 8 19:57:45 MYSERVER sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Feb 8 19:57:45 MYSERVER sudo: pam_unix(sudo:session): session closed for user root
Feb 8 19:57:45 MYSERVER sudo: pam_unix(sudo:session): session closed for user admin
Feb 8 20:01:13 MYSERVER su[28782]: Successful su for YHUSER by root
Feb 8 20:01:13 MYSERVER su[28782]: + ??? root:YHUSER
Feb 8 20:01:13 MYSERVER su[28782]: pam_unix(su:session): session opened for user YHUSER by (uid=0)
Feb 8 20:01:13 MYSERVER su[28782]: pam_unix(su:session): session closed for user YHUSER
Feb 8 20:09:01 MYSERVER CRON[28792]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 8 20:09:01 MYSERVER CRON[28792]: pam_unix(cron:session): session closed for user root
The syslog shows multiple Postfix activities:
Feb 8 23:48:18 MYSERVER postfix/smtpd[29132]: connect from unknown[113.64.235.50]
Feb 8 23:48:18 MYSERVER rmilter[26724]: <3a4a60fb43>; accepted connection from MYDOMAIN.LTD; client: 113.64.235.50:2201 ([113.64.235.50])
Feb 8 23:48:20 MYSERVER postfix/smtpd[29132]: lost connection after AUTH from unknown[113.64.235.50]
Feb 8 23:48:20 MYSERVER postfix/smtpd[29132]: disconnect from unknown[113.64.235.50]