exim paniclog /var/log/exim4/paniclog has non-zero size, mail system might be broken.

Post Reply
ikheetjeff
Posts: 15
Joined: Tue Jul 20, 2021 4:06 am

Hi,

I get every morning a mail with this error.

Code: Select all

exim paniclog /var/log/exim4/paniclog on **MY HOSTNAME** has non-zero size, mail system might be broken. The last 10 lines are quoted below.

2021-10-13 21:52:42 daemon: accept process fork failed: Cannot allocate memory
2021-10-15 02:50:02 1mbBQA-0003aa-1q 1mbBQA-0003aa-1q bad addresses found in headers
But i have enough free memory.
Image

This also only in my paniclog file:
Image

Anyone knows how to fix this?

Thank you in advance.
ikheetjeff
Posts: 15
Joined: Tue Jul 20, 2021 4:06 am

I have also checked the mainlog of 2021-10-15, 02:50:02:

Code: Select all

2021-10-15 02:35:17 no host name found for IP address 203.159.80.60
2021-10-15 02:35:19 dovecot_login authenticator failed for ([203.159.80.60]) [203.159.80.60]: 535 Incorrect authentication data (set_id=postmaster)
2021-10-15 02:36:35 no host name found for IP address 136.144.41.87
2021-10-15 02:36:38 dovecot_login authenticator failed for ([136.144.41.87]) [136.144.41.87]: 535 Incorrect authentication data (set_id=postmaster)
2021-10-15 02:37:28 no host name found for IP address 45.133.1.127
2021-10-15 02:37:30 dovecot_login authenticator failed for ([45.133.1.127]) [45.133.1.127]: 535 Incorrect authentication data (set_id=info)
2021-10-15 02:38:16 no host name found for IP address 45.144.225.232
2021-10-15 02:38:18 dovecot_login authenticator failed for ([45.144.225.232]) [45.144.225.232]: 535 Incorrect authentication data (set_id=postmaster)
2021-10-15 02:41:17 no host name found for IP address 141.98.10.210
2021-10-15 02:41:19 dovecot_login authenticator failed for (65.21.254.217) [141.98.10.210]: 535 Incorrect authentication data (set_id=impresora)
2021-10-15 02:46:53 no host name found for IP address 31.210.20.7
2021-10-15 02:46:55 dovecot_login authenticator failed for ([31.210.20.7]) [31.210.20.7]: 535 Incorrect authentication data (set_id=postmaster)
2021-10-15 02:47:28 no host name found for IP address 45.133.1.58
2021-10-15 02:47:30 dovecot_login authenticator failed for ([45.133.1.58]) [45.133.1.58]: 535 Incorrect authentication data (set_id=test1)
2021-10-15 02:50:02 1mbBQA-0003aa-1q 1mbBQA-0003aa-1q bad addresses found in headers
2021-10-15 02:50:02 1mbBQA-0003ai-2S U=Debian-exim Warning: Sender rate [limitlog]: log / account /  / 1.0 / 1h
2021-10-15 02:50:02 1mbBQA-0003ai-2S <= <> R=1mbBQA-0003aa-1q U=Debian-exim P=local S=1244
2021-10-15 02:50:02 1mbBQA-0003ai-2S => admin <root@** MY HOSTNAME **> R=localuser T=local_delivery
2021-10-15 02:50:02 1mbBQA-0003ai-2S Completed
2021-10-15 02:50:27 no host name found for IP address 136.144.41.132
2021-10-15 02:50:29 dovecot_login authenticator failed for ([136.144.41.132]) [136.144.41.132]: 535 Incorrect authentication data (set_id=test1)
2021-10-15 02:52:53 no host name found for IP address 212.192.241.186
2021-10-15 02:52:55 dovecot_login authenticator failed for ([212.192.241.186]) [212.192.241.186]: 535 Incorrect authentication data (set_id=test1)
2021-10-15 02:55:13 Start queue run: pid=31055
2021-10-15 02:55:13 End queue run: pid=31055
And, i see my mainlog ful with errors like this:

Code: Select all

2021-10-23 00:35:40 dovecot_login authenticator failed for ([195.133.40.41]) [195.133.40.41]: 535 Incorrect authentication data (set_id=user)
2021-10-23 00:35:52 no host name found for IP address 45.144.225.204
2021-10-23 00:35:54 dovecot_login authenticator failed for ([45.144.225.204]) [45.144.225.204]: 535 Incorrect authentication data (set_id=user)
2021-10-23 00:37:31 no host name found for IP address 45.133.1.102
2021-10-23 00:37:33 dovecot_login authenticator failed for ([45.133.1.102]) [45.133.1.102]: 535 Incorrect authentication data (set_id=support)
2021-10-23 00:37:35 no host name found for IP address 45.144.225.205
2021-10-23 00:37:38 dovecot_login authenticator failed for ([45.144.225.205]) [45.144.225.205]: 535 Incorrect authentication data (set_id=user)
2021-10-23 00:38:12 no host name found for IP address 31.210.20.109
2021-10-23 00:38:14 dovecot_login authenticator failed for ([31.210.20.109]) [31.210.20.109]: 535 Incorrect authentication data (set_id=user)
2021-10-23 00:39:15 no host name found for IP address 45.133.1.109
2021-10-23 00:39:17 dovecot_login authenticator failed for ([45.133.1.109]) [45.133.1.109]: 535 Incorrect authentication data (set_id=support)
2021-10-23 00:39:19 no host name found for IP address 195.133.40.63
2021-10-23 00:39:21 dovecot_login authenticator failed for ([195.133.40.63]) [195.133.40.63]: 535 Incorrect authentication data (set_id=user)
2021-10-23 00:40:55 no host name found for IP address 136.144.41.70
2021-10-23 00:40:57 dovecot_login authenticator failed for ([136.144.41.70]) [136.144.41.70]: 535 Incorrect authentication data (set_id=support)
2021-10-23 00:43:42 no host name found for IP address 203.159.80.190
2021-10-23 00:43:46 dovecot_login authenticator failed for ([203.159.80.190]) [203.159.80.190]: 535 Incorrect authentication data (set_id=aa)
2021-10-23 00:46:11 no host name found for IP address 203.159.80.60
2021-10-23 00:46:13 dovecot_login authenticator failed for ([203.159.80.60]) [203.159.80.60]: 535 Incorrect authentication data (set_id=aa)
2021-10-23 00:48:07 no host name found for IP address 136.144.41.132
2021-10-23 00:48:10 dovecot_login authenticator failed for ([136.144.41.132]) [136.144.41.132]: 535 Incorrect authentication data (set_id=user)
2021-10-23 00:51:42 no host name found for IP address 195.133.40.83
2021-10-23 00:51:44 dovecot_login authenticator failed for ([195.133.40.83]) [195.133.40.83]: 535 Incorrect authentication data (set_id=support)
2021-10-23 00:52:03 Start queue run: pid=32052
2021-10-23 00:52:03 End queue run: pid=32052

Code: Select all

2021-10-15 00:51:47 TLS error on connection from scanner-25.ch1.censys-scanner.com [162.142.125.196] (recv): The TLS connection was non-properly terminated.
 2021-10-15 07:48:01 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[104.140.188.2] input="GET / HTTP/1.1\r\nHost: 65.21.254."

Code: Select all

2021-10-15 01:34:51 dovecot_login authenticator failed for (User) [77.247.110.156]: 535 Incorrect authentication data (set_id=admin@<HOSTNAME DOMAIN>)
2021-10-15 01:34:57 dovecot_login authenticator failed for (User) [77.247.110.156]: 535 Incorrect authentication data (set_id=admin@<HOSTNAME DOMAIN>)
2021-10-15 01:35:07 dovecot_login authenticator failed for (User) [77.247.110.156]: 535 Incorrect authentication data (set_id=admin@<HOSTNAME DOMAIN>)
2021-10-15 01:35:24 dovecot_login authenticator failed for (User) [77.247.110.156]: 535 Incorrect authentication data
2021-10-15 01:37:54 no host name found for IP address 141.98.10.210
2021-10-15 01:37:56 dovecot_login authenticator failed for (65.21.254.217) [141.98.10.210]: 535 Incorrect authentication data (set_id=contact)
2021-10-15 01:39:50 no host name found for IP address 37.0.11.192
2021-10-15 01:39:52 dovecot_login authenticator failed for ([37.0.11.192]) [37.0.11.192]: 535 Incorrect authentication data (set_id=admin)
2021-10-15 01:53:51 no host name found for IP address 37.49.225.153
2021-10-15 01:53:53 dovecot_login authenticator failed for (User) [37.49.225.153]: 535 Incorrect authentication data (set_id=test01@<HOSTNAME DOMAIN>)
2021-10-15 01:53:59 dovecot_login authenticator failed for (User) [37.49.225.153]: 535 Incorrect authentication data (set_id=test01@<HOSTNAME DOMAIN>)
2021-10-15 01:54:09 dovecot_login authenticator failed for (User) [37.49.225.153]: 535 Incorrect authentication data (set_id=test01@<HOSTNAME DOMAIN>)
2021-10-15 01:54:26 dovecot_login authenticator failed for (User) [37.49.225.153]: 535 Incorrect authentication data
Is this "normal"?
ikheetjeff
Posts: 15
Joined: Tue Jul 20, 2021 4:06 am

Okay, I took a closer look. I can remember once when I wanted to run something on the server, but there was no memory available. So I think that was on 13-10. That explains that error message. That leaves this message:

Code: Select all

2021-10-15 02:50:02 1mbBQA-0003aa-1q 1mbBQA-0003aa-1q bad addresses found in headers
I have not been able to find a clear explanation on the internet. I just then went to see what mail was sent at 02:50. That was this email:
Image

It is true that there was no connection for a while at that time. I did a sudo apt update & upgrade. Then mysql dropped out for a while. I have vesta on two servers, and had also updated another server. That one also had the same error. I think it has already been explained in this one. I have therefore emptied paniclog now.

Is there perhaps something else that needs to be adjusted in VestaCP to avoid this error message? Otherwise, are the error messages in mainlog normal? I don't have all these error messages on another server (with myVesta). There I only have erros like this:

Code: Select all

2021-10-22 22:03:54 Start queue run: pid=23665
2021-10-22 22:03:54 1mdm73-0003Zw-99 Message is frozen
2021-10-22 22:03:54 1mdkmn-0002XX-VX Message is frozen
2021-10-22 22:03:54 1mdPdV-000365-CK Message is frozen
2021-10-22 22:03:54 1mdOJG-00023m-9V Message is frozen
2021-10-22 22:03:54 End queue run: pid=23665
2021-10-22 22:33:54 Start queue run: pid=24965
2021-10-22 22:33:54 1mdm73-0003Zw-99 Message is frozen
2021-10-22 22:33:54 1mdkmn-0002XX-VX Message is frozen
2021-10-22 22:33:54 1mdPdV-000365-CK Message is frozen
2021-10-22 22:33:54 1mdOJG-00023m-9V Message is frozen
2021-10-22 22:33:54 End queue run: pid=24965
User avatar
myVesta
Site Admin
Posts: 928
Joined: Fri Jun 19, 2020 9:59 am
Has thanked: 8 times
Been thanked: 6 times

If your exim is up, there is nothing to worry about.
You can see what was the problem by looking that log:

Code: Select all

cat /var/log/exim4/paniclog
Then you can erase panic log with:

Code: Select all

truncate -s 0 /var/log/exim4/paniclog
Post Reply