01-Jun-2017

Monthly maintenance
The standard script didn’t show up anything weird:

PMAS statistics for May
Total messages    :   2929 = 100.0 o/o
DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
Relay attempts    :    194 =   6.6 o/o (Files: 31)
Accepted by PMAS  :   2735 =  93.3 o/o (Files: 31)
  Handled by explicit rule
         Rejected :   1843 =  67.3 o/o (processed),  62.9 o/o (all)
         Accepted :    168 =   6.1 o/o (processed),   5.7 o/o (all)
  Handled by content
        Discarded :    404 =  14.7 o/o (processed),  13.7 o/o (all)
     Quarantained :    285 =  10.4 o/o (processed),   9.7 o/o (all)
        Delivered :     35 =   1.2 o/o (processed),   1.1 o/o (all)

Surprisingly, the number of relay attempts has dropped; most (158) occurred on 25-MAY-2017 between 08:52:48.06 and 09:02:03.88, all “sent” from (fake) users in my domain to be received by 1029mandaditos@gmail.com, from address 212.129.30.113 – seems to be hosted in France (astucesaclashofclans.fr) but the domain of the PTR record is Brazilian (plmc-113-30-129-212.grandesnoticias.com.br). The address raises red flags in 6 blacklists.

Another issue came up when examining the router logs. Not the number (well, a new 25K+ file every 2 or 3 days, need to check out earlier files) but that may have to do with the new router, though it should be compatible with the older one. Except that its throughput is way up, so it can handle more traffic….
But that is not the point.
What I found was that, for the current file, every 5 minutes or so, my workstation scans port 8612 in my network – both IP4 (LAN -> LAN) and IP6 (LAN -> WAN). These are short messages (20 bytes), but what causes it? Searching the internet I found it is a CANON protocol, and I did install new Canon drivers last week… I looked into the services and found a Canon service running which might be the cause – so I stopped it. But that doesn’t help… But looking in the resource manager, I located another one: CNMNSST.exe, and that indeed is the program I’m looking for. It doesn’t do much harm, according to the descriptions: hardly any CPU, memory or disk/IO; but it doesn’t mention it will constantly scan the network for a printer. This is something I need to dig into: it’s started by the task manager so there might be something to tweak.

WASD Update failure: Source located.
Actually, the update is fine. It’s just that secure sites are no longer accessible. Mark gave me a hint that I followed up:

$ openssl :== $ SSL$ROOT:[ALPHA_EXE]openssl.exe
$ openssl s_client -connect www.grootersnet.nl:443

On 11.0.2 (what I’m running now), this starts the handshake:

$ openssl s_client -connect www.grootersnet.nl:443
CONNECTED(00000005)
...
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
(etcetera etcetera)

after which a command can be entered.

On 11.1:

$ openssl s_client -connect www.grootersnet.nl:443
CONNECTED(00000005)
539094439:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:S23_CLNT:593:

And that’s it.

Mark’s comment:

Incompatible version (see below).

(because there was more…)

Might be an SSL issue?

$ OpenSSL version
OpenSSL 0.9.8ze 15 Jan 2015
SSL for OpenVMS V1.4 Feb 18 2015.
$

Yes. This looks like the obsolete HP SSL kit

|$ mcr SYS$COMMON:[SSL.ALPHA_EXE]OPENSSL.EXE version
|OpenSSL 0.9.8ze 15 Jan 2015
|SSL for OpenVMS V1.4 Feb 18 2015.

I get the same result using that version

There are some things to consider now, but first Update WordPress and Akismet 🙂
