Logwatch Unmatched Entries

General Discussion of atomic repo and development projects.

Ask for help here with anything else not covered by other forums.
coolemail
Forum Regular
Forum Regular
Posts: 369
Joined: Tue Dec 16, 2008 8:01 am
Location: United Kingdom

Logwatch Unmatched Entries

Unread post by coolemail »

I have CentOS5 with ASL and Plesk 10.1.1

I've been ignoring some entries in the daily Logwatch with many thousands of mailcontroller entries that are similar to the extract below.
**Unmatched Entries**
binding TCP socket: address in use: 2 Time(s)
client 109.105.211.209 query (cache) 'mx21.mailcontroller.co.uk/A/IN' denied: 1 Time(s)
client 109.105.211.209 query (cache) 'mx22.mailcontroller.co.uk/A/IN' denied: 1 Time(s)
client 109.105.211.209 query (cache) 'mx23.mailcontroller.co.uk/A/IN' denied: 1 Time(s)
and some others - again thousands of entries:
connection refused resolving 'ns2.bbs.ro/AAAA/IN': 86.123.48.5#53: 8 Time(s)
connection refused resolving 'smokin.orbital.net/A/IN': 80.88.198.4#53: 1 Time(s)
connection refused resolving 'smokin.orbital.net/AAAA/IN': 80.88.198.4#53: 1 Time(s)
found 4 CPUs, using 4 worker threads: 2 Time(s)
host unreachable resolving '25.1.18.64.dnsbl-1.uceprotect.net/TXT/IN': 174.136.193.2#53: 1 Time(s)
host unreachable resolving '25.44.236.222.dnsbl-1.uceprotect.net/TXT/IN': 174.136.193.2#53: 1 Time(s)
network unreachable resolving '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/PTR/IN': 2001:500:86::86#53: 1 Time(s)
network unreachable resolving '1.18.0.187.in-addr.arpa/PTR/IN': 2001:470:d87a:3::2#53: 1 Time(s)
network unreachable resolving '10.132.127.174.in-addr.arpa/PTR/IN': 2607:f060:2::2#53: 1 Time(s)
network unreachable resolving '10.173.138.83.in-addr.arpa/PTR/IN': 2001:6b0:7::2#53: 1 Time(s)
network unreachable resolving '10.173.138.83.in-addr.arpa/PTR/IN': 2001:dc0:2001:a:4608::59#53: 1 Time(s)
Can anyone tell me if there is anything we should be be doing at server level to get rid of these entries on the logwatch?

Manythanks, in advance, as ever.
coolemail
Forum Regular
Forum Regular
Posts: 369
Joined: Tue Dec 16, 2008 8:01 am
Location: United Kingdom

Re: Logwatch Unmatched Entries

Unread post by coolemail »

I keep ignoring the Unmatched Entries, but the thousands daily keep showing. It does not seem to be affexting the delivery of emails in any way. Can someone advise?
Kalimari
Forum Regular
Forum Regular
Posts: 526
Joined: Wed Jan 02, 2008 3:21 pm
Location: United Kingdom

Re: Logwatch Unmatched Entries

Unread post by Kalimari »

Those are unsuccessful DNS lookups for domains your server is not hosting. Do you use Plesk DNS or external? If external you can block port 53 (named) and this will drop them at the firewall level. If internal, you need to accept DNS lookups, so... not sure what to suggest...
coolemail
Forum Regular
Forum Regular
Posts: 369
Joined: Tue Dec 16, 2008 8:01 am
Location: United Kingdom

Re: Logwatch Unmatched Entries

Unread post by coolemail »

Thank you Kalimari
We use Plesk DNS so looks from what you say that there is little we can do about this.
Highland
Forum Regular
Forum Regular
Posts: 674
Joined: Mon Apr 10, 2006 12:55 pm

Re: Logwatch Unmatched Entries

Unread post by Highland »

Your problem is that BIND, by default, logs into the general syslog. You can avoid this problem by telling BIND to make its own log file. Add this code to your named.conf

Code: Select all

logging{
  channel simple_log {
    file "/log/named.log" versions 3 size 10m;
    severity info;
    print-time yes;
    print-severity yes;
    print-category yes;
  };
  category default{
    simple_log;
  };
};
Remember that the path to your log file is relative to your chroot (IIRC Plesk's bind-chroot package uses /var/named/run-root/ instead of /var/named/chroot/).
"Its not a mac. I run linux... I'm actually cool." - scott
coolemail
Forum Regular
Forum Regular
Posts: 369
Joined: Tue Dec 16, 2008 8:01 am
Location: United Kingdom

Re: Logwatch Unmatched Entries

Unread post by coolemail »

Thank you very much for that Highland
Post Reply