01-Oct-2015

Maintenance
No surprises. The system is stable, the amount of memory in use is constantly about 75%, and the number of processes keeps within range (typically somewhere between 60 and 65, at times less or more, but never over a prolonged period).
Mail holds no surprises either:

Saving PMAS logs to DKA0:[LOGSARCHIVE]PMASSEP2015.zip
PMAS statistics for September
Total messages    :   2499 = 100.0 o/o
DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
Relay attempts    :   1401 =  56.0 o/o (Files: 30)
Accepted by PMAS  :   1098 =  43.9 o/o (Files: 30)
 Handled by explicit rule
        Rejected :    595 =  54.1 o/o (processed),  23.8 o/o (all)
        Accepted :    194 =  17.6 o/o (processed),   7.7 o/o (all)
 Handled by content
       Discarded :    145 =  13.2 o/o (processed),   5.8 o/o (all)
    Quarantained :    138 =  12.5 o/o (processed),   5.5 o/o (all)
       Delivered :     26 =   2.3 o/o (processed),   1.0 o/o (all)

The vast majority of relay attempts were on 13-Sep, from one address and different senders (or recipients – I’ve asked Process about the layout of this logfile):

13-SEP-2015 07:41:42.43|R|59.38.97.206|rvaeh@grootersnet.nl|xiaonanzi11162@163.com|550 5.7.1 Relaying not allowed: xiaonanzi11162@1`
...
13-SEP-2015 07:42:08.01|R|59.38.97.206|ptxc@grootersnet.nl|z13699753428@vip.163.com|550 5.7.1 Relaying not allowed: z13699753428@vi`
...
13-SEP-2015 09:29:55.50|R|59.38.97.206|lpd@grootersnet.nl|z13699753428@vip.163.com|550 5.7.1 Relaying not allowed: z13699753428@vip ...

Update
From what Hunter explained, the sender at 59.38.97.206 forges the FROM: line to mimic my domain (so NONE of these messages are actually sent by me) and tries to reach the next person. Quite likely this is the offender trying to get through, or a system to be breached. So now I know the route for investigation.
End Update

Apart from these, there were a few that, according to the addresses, were control-messages:

13-SEP-2015 12:08:37.00|R|202.28.68.120|admin@goodservers.com|joneslarry481@gmail.com|550 5.7.1 Relaying not allowed: joneslarry481`
13-SEP-2015 13:10:19.79|R|203.42.3.104|server@checking.net|csclus.smtp@gmail.com|550 5.7.1 Relaying not allowed: csclus.smtp@gmail.`
13-SEP-2015 14:27:37.43|R|114.43.4.43|support@microsoft.com|support@microsoft.com|550 5.7.1 Relaying not allowed: support@microsoft`
13-SEP-2015 14:33:39.42|R|196.207.30.180|cpanel@www.grootersnet.nl|arcadio.setimmi@yahoo.com|550 5.7.1 Relaying not allowed: arcadi`

That’s fine with me 🙂
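The relay rejections above, summarised per source address, as an added example that is not part of the original post or of PMAS itself. It assumes the field order timestamp|R|client IP|sender|recipient|SMTP reply (consistent with the update, but an assumption), and uses constructed sample lines with `example.org` standing in for the local domain:

```python
from collections import defaultdict

LOCAL_DOMAIN = "example.org"  # assumption: stands in for the site's own mail domain

# Constructed sample lines in the layout shown above (not taken from the real log).
SAMPLE_LOG = """\
13-SEP-2015 07:41:42.43|R|192.0.2.10|abc@example.org|user1@mail.example|550 5.7.1 Relaying not allowed: user1@mail.e`
13-SEP-2015 07:42:08.01|R|192.0.2.10|defg@example.org|user2@mail.example|550 5.7.1 Relaying not allowed: user2@mail.e`
...
13-SEP-2015 09:29:55.50|R|192.0.2.10|hij@www.example.org|user2@mail.example|550 5.7.1 Relaying not allowed: user2@mail ...
13-SEP-2015 12:08:37.00|R|198.51.100.7|admin@probe.example|box@mail.example|550 5.7.1 Relaying not allowed: box@mail.ex`
"""


def parse_line(line):
    """Split one record; return None for anything that is not a relay rejection."""
    parts = line.rstrip("\n").split("|", 5)  # assumed order: time|type|ip|from|to|reply
    if len(parts) != 6 or parts[1] != "R":
        return None
    stamp, _, ip, sender, recipient, reply = parts
    return {"time": stamp, "ip": ip, "sender": sender.lower(),
            "recipient": recipient.lower(), "reply": reply}


def summarise(text, local_domain=LOCAL_DOMAIN):
    """Per source IP: attempts, distinct senders, senders claiming the local domain."""
    stats = defaultdict(lambda: {"attempts": 0, "senders": set(), "forged_local": 0})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # elided "..." lines and other record types
        entry = stats[rec["ip"]]
        entry["attempts"] += 1
        entry["senders"].add(rec["sender"])
        # Rejected as relaying yet claiming a local sender: the forged-FROM pattern.
        domain = rec["sender"].rpartition("@")[2]
        if domain == local_domain or domain.endswith("." + local_domain):
            entry["forged_local"] += 1
    return dict(stats)


def suspects(stats, min_forged=2):
    """IPs that repeatedly claimed a local-domain sender, busiest first."""
    hits = [(ip, s["forged_local"]) for ip, s in stats.items()
            if s["forged_local"] >= min_forged]
    return sorted(hits, key=lambda hit: -hit[1])


if __name__ == "__main__":
    print(suspects(summarise(SAMPLE_LOG)))
```

Many distinct local-part senders from a single client IP, all rejected as relaying, is the signature worth blocking at the firewall or adding to a reject rule.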

Furthermore, there are a few updates to be installed, no big deal (have done it before) but it just takes time – that I need to free up.

Development system
I got a new version of nxtWare-Remote to test.
Robert’s reply on my issues was that I should $ SET PROCESS/PARSE=EXTENDED before installing GNV, Java and NxtWare – and that failing to do so may cause the problems. I’m pretty sure this is set by my LOGIN.COM file – or even SYLOGIN.COM – but it is no problem to double-check.

PHP still bloating
It’s mainly during the admin pages of the blog, that WordPress spits out an error:

%HTTPD-W-NOTICED, 01-OCT-2015 13:28:02, CGI:2107, not a strict CGI response
-NOTICED-I-SERVICE, http://www.grootersnet.nl:80
-NOTICED-I-CLIENT, 37.74.59.17
-NOTICED-I-URI, POST (32 bytes) /sysblog/wp-admin/admin-ajax.php
-NOTICED-I-SCRIPT, /sysblog/wp-admin/admin-ajax.php sysblog:[wp-admin]admin-ajax.php (phpwasd:) SYSBLOG:[WP-ADMIN]admin-ajax.php
-NOTICED-I-CGI, 504850205761726E696E673A20204D6F64756C652027646F (289 bytes) PHP Warning: Module 'dom' already loaded in Unknown on line 0.
-NOTICED-I-RXTX, err:0/0 raw:1321/0 net:1088/0

Quite a number of these, and just in the same PHP source (other ones are now seldom seen, so the reader won’t get such errors any more, or far fewer).
I should probably look at this PHP source to find out what’s causing the error, perhaps it is gone after the update?? Or mention it on the WordPress site…

Only one today: it seems this script tried to output something but cannot write (of course: there is no need to write in the directory that holds the PHP code, so it is set ReadOnly – as it should be):

%HTTPD-W-NOTICED, 01-OCT-2015 13:36:02, CGI:2107, not a strict CGI response
-NOTICED-I-SERVICE, http://www.grootersnet.nl:80
-NOTICED-I-CLIENT, 37.74.59.17
-NOTICED-I-URI, POST (32 bytes) /sysblog/wp-admin/admin-ajax.php
-NOTICED-I-SCRIPT, /sysblog/wp-admin/admin-ajax.php sysblog:[wp-admin]admin-ajax.php (phpwasd:) SYSBLOG:[WP-ADMIN]admin-ajax.php
-NOTICED-I-CGI, 556E61626C6520746F206F70656E2027707468726561645F (71 bytes) Unable to open 'pthread_dump.log' for write, using standard output only
-NOTICED-I-RXTX, err:0/0 raw:1088/0 net:1088/0

so there is something to be changed in that script anyway…
