Results 1 to 5 of 5
  1. #1

    Need help to understand entries in /var/log/maillog

    I see maillog full of these entries:

    Oct 31 19:38:41 host dovecot: pop3-login: Login: user=<contactus+mysite.com>, method=PLAIN, rip=49.249.0.218, lip=96.44.83.44, TLS
    Oct 31 19:38:43 host dovecot: POP3(contactus+mysite.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/1, size=1178, bytes=24/101
    Oct 31 19:48:42 host dovecot: pop3-login: Login: user=<contactus+mysite.com>, method=PLAIN, rip=49.249.0.218, lip=96.44.83.44, TLS
    Oct 31 19:48:43 host dovecot: POP3(contactus+mysite.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/1, size=1178, bytes=24/101
    Oct 31 19:58:41 host dovecot: pop3-login: Login: user=<contactus+mysite.com>, method=PLAIN, rip=49.249.0.218, lip=96.44.83.44, TLS
    Oct 31 19:58:43 host dovecot: POP3(contactus+mysite.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/1, size=1178, bytes=24/101
    Oct 31 20:49:24 host dovecot: pop3-login: Login: user=<contactus+mysite.com>, method=PLAIN, rip=49.249.0.218, lip=96.44.83.44, TLS
    Oct 31 20:49:26 host dovecot: POP3(contactus+mysite.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/1, size=1178, bytes=24/101
    Oct 31 20:59:54 host dovecot: pop3-login: Login: user=<contactus+mysite.com>, method=PLAIN, rip=49.249.0.218, lip=96.44.83.44, TLS
    Oct 31 20:59:55 host dovecot: POP3(contactus+mysite.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/1, size=1178, bytes=24/101

    Why does it mean? (I've changed site/ip address here).

  2. #2
    Looks like a possible TLS handshake error. To debug these problems, I'd rely on openssl and ssldump and tcpdump/wireshark (assuming you have the private key of the server).

    Take a capture of the traffic that generates these logs and together with private key run it by ssldump or wireshark and see where it fails.

    I've had something similar with IMAPS and some old LG phone software aborting the connection.

  3. #3
    Join Date
    May 2012
    Location
    India
    Posts
    1,026
    Quote Originally Posted by rag_gupta View Post
    I see maillog full of these entries:




    Why does it mean? (I've changed site/ip address here).
    Everything is pretty normal here. Its the POP3 connection logs for various accounts. what more do you want to know?.

  4. #4
    Join Date
    May 2013
    Location
    India
    Posts
    748
    Yes, everything looks fine.

    Code:
    Oct 31 19:38:41 host dovecot: pop3-login: Login: user=<contactus+mysite.com>, method=PLAIN, rip=49.249.0.218, lip=96.44.83.44, TLS
    POP + SSL enabled login; remote IP is 49.249.0.218 and it is established connection to server's local IP 96.44.83.44; the email address used is contactus+mysite.com

    Code:
    Oct 31 19:38:43 host dovecot: POP3(contactus+mysite.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/1, size=1178, bytes=24/101
    It says the user has logged out ( after polling the mailbox );

    top = number of TOP commands run
    retr = number of RETR command run
    del = number of deleted messages
    size = mailbox size in bytes (before deletion)
    bytes = number of bytes sent to client as a result of RETR command

  5. #5
    Quote Originally Posted by nixtree View Post
    Yes, everything looks fine.

    Code:
    Oct 31 19:38:41 host dovecot: pop3-login: Login: user=<contactus+mysite.com>, method=PLAIN, rip=49.249.0.218, lip=96.44.83.44, TLS
    POP + SSL enabled login; remote IP is 49.249.0.218 and it is established connection to server's local IP 96.44.83.44; the email address used is contactus+mysite.com

    Code:
    Oct 31 19:38:43 host dovecot: POP3(contactus+mysite.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/1, size=1178, bytes=24/101
    It says the user has logged out ( after polling the mailbox );

    top = number of TOP commands run
    retr = number of RETR command run
    del = number of deleted messages
    size = mailbox size in bytes (before deletion)
    bytes = number of bytes sent to client as a result of RETR command
    Pretty well explained!
    || Web Hosting Blog - Web Hosting security & latest web hosting industry Announcements
    || Web Hosting Discussion - A Web Hosting community

Similar Threads

  1. i deleted /var/log/maillog by mistake - plz help!
    By Dr. Bogger in forum Hosting Security and Technology
    Replies: 6
    Last Post: 03-22-2006, 11:03 PM
  2. RaQ4. odd entries in /var/log/messages
    By horoscopes2000 in forum Dedicated Server
    Replies: 5
    Last Post: 10-31-2004, 03:11 PM
  3. tail -f /var/log/maillog is not working
    By webline in forum Dedicated Server
    Replies: 2
    Last Post: 07-19-2003, 07:05 PM
  4. File /var/log/maillog cannot be read.
    By -Edward- in forum Dedicated Server
    Replies: 2
    Last Post: 04-17-2003, 10:18 AM
  5. maillog backups under /var/log
    By aljuhani in forum Dedicated Server
    Replies: 0
    Last Post: 06-06-2002, 05:32 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •