[Postfixbuch-users] Verzögerung bei SASL + Dovecot (firewall)
Alexander Busam
a.busam at hofmann-foerdertechnik.com
Do Jul 30 10:16:26 CEST 2009
Stefan Förster schrieb:
> * Alexander Busam <a.busam at hofmann-foerdertechnik.com> wrote:
>>> Und hier könntest Du dann einfach Regel der Form
>>>
>>> $IPT -A OUTPUT -j LOG
>>> $IPT -A INPUT -j LOG
>>>
>> ich hab mal die beiden Zeilen ans Ende gesetzt. Allzu viel kann ich da
>> allerdings nicht rauslesen. Außer dass da wohl öfter auf port 138 was
>> passiert.
>
> 138 ist doch, wenn ich mich nicht irre, so ein NetBIOS-Kram. Dieser
> LDAP-Server, auf den ihr zugreift, ist das eine Windows-Kiste?
>
Verwende openldap.
> Die Logs wären trotzdem interessant.
>
Siehe Anhang (firewall.log).
Auffällig ist der OUTPUT auf den DNS. Da verstehe ich den Log-Eintrag
auch nicht ganz, weil in der Zeile SRC und DST vertauscht werden.
Und dann gibts noch einen OUTPUT auf dem 389, der auf dem 2. Interface
liegt (scheint aber die Authentifizierung nicht zu stören).
>>> einfügen. BTW, ich habe gesehen, daß Du auch Regeln hast, die sich nur
>>> auf 127.0.0.1 beziehen. Abgesehen davon, daß solche Regeln nur
>>> greifen, wenn man als Interface ganz explizit "lo" angibt, weiß ich
>>> nicht, wie sinnvoll Paketfilterung auf dem Lookpback-Interface sein
>>> kann...
>>>
>> Habe auch mal das lokale interface für input/output komplett
>> freigegeben. Da ist aber das Problem auch sporadisch aufgetreten.
>
> Das ist klar ;-)
>
>> Ich schätze, dass es auch was mit LDAP oder DNS-Auflösung zu tun hat.
>> Ich bekomme aber das Problem nicht weiter eingegrenzt. Habe auch schon
>> mit tcpdump und nach ports gefiltert gearbeitet, aber da komm ich auch
>> nicht weiter.
>
> Wahrscheinlich bringt es schon Besserung, wenn Du dafür sorgst, daß
> als letzte Tat Pakete nicht gedroppt, sondern zurückgewiesen werden.
> In Deiner Schreibweise dann sowas wie
>
> $IPT -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset
> $IPT -A OUTPUT -p udp -j REJECT
>
> Analog natürlich für INPUT, plusminus Flipptehler.
Habe RECEJT und LOG ans Ende gesetzt (siehe rcfirewall im Anhang).
Die Mails gehen nun ohne Verzögerung durch. Amavis gibt nun aber "Syslog
warnings: 1 x Connection refused" aus (siehe mail.log)
>
>> Jemand müßte doch schon mal das gleiche Problem mit nem LDAP-Backend und
>> Firewall gehabt haben ?!? Ohne Firewall funktioniert ja das ganze
>> komischerweise.
>
> Ich nehm an, daß der Rechner in so einer Art DMZ steht, da werden die
> meisten Leute sich hüten, einen lokalen Paketfilter zu benutzen.
> Sicherheismaßnahmen sollten orthogonal und redundant aufgebaut sein,
> ein lokaler Paketfilter auf einem Host in einer DMZ erfüllt mit viel
> gutem Willen gerade mal die zweite Anforderung.
>
Es gibt ne Firewall, die zwischen Internet und Intranet liegt. Im
Intranet ist der Mailserver. Auf dem Mailserver läuft die Firewall, über
die wir uns unterhalten.
> Und hey, wahrscheinlich droppen sie nicht einfach Pakete, so daß der
> anfragende Host/Prozess erst gar nicht auf die Idee kommt, Pakete noch
> 20 mal neu zu übermitteln ;-)
>
>> Wie kann ich denn noch wo besser loggen ?
>
> Die vom LOG-Target erfassten Pakete wären ein Anfang. Und natürlich
> ist klar, daß Du bei aktiviertem Paketfilter eingehende Pakete nicht
> sehen wirst.
>
>> Wie kann ich denn genau unter Linux nachsehen, wass in den 10 Sekunden
>> passiert auf den Ports passiert ?
>
> Du kannst die Firewall abschalten und mit tcpdump, tshark, wireshark,
> ngrep und ähnlichen Tools einfach wirklich mal einen kompletten
> Einlieferungsvorgang mitschneiden.
>
Habe mit wireshark protokolliert. Kann ich aber nicht wirklich
nachvollziehen auf was in den 10 Sekunden gewartet wird. :-(
Gruß Alex
>
> Ciao
> Stefan
-------------- nächster Teil --------------
#! /bin/sh
# Author: Alexander Busam
#
# /etc/init.d/iptables_script
#
### BEGIN INIT INFO
# Provides: iptables
# Required-Start: $network
# Should-Start:
# Required-Stop:
# Default-Start: 3 5
# Default-Stop:
# Description: start the iptables configuration
### END INIT INFO
# IP-Adresse des Netzwerkinterfaces
ip_nr=192.168.1.27
# IP-Adresse des lokalen DNS-Servers
ip_ldns=192.168.1.26/32
# IP-Adresse des lokalen LDAP-Servers
ip_lldap=192.168.1.26/32
# IP-Adresse des lokalen Netzes
ip_lnet=192.168.1.0/24
# IP-Adresse des Backupserver (hmbackupsrv)
ip_backupsrv=192.168.2.28
IPT=/usr/sbin/iptables
. /etc/rc.status
# Reset status of this service
rc_reset
case "$1" in
start)
#Kernelmodul für hylafax laden
if (( `/sbin/lsmod | grep nf_conntrack_ftp | /usr/bin/wc -l` > 0 ))
then
/sbin/rmmod nf_conntrack_ftp
fi
/sbin/modprobe ip_conntrack_ftp ports=4559
#Alle Regeln löschen
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X
# Durch unsere default-Regel (P=policy) machen wir alles zu.
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
# $IPT -P OUTPUT -p tcp -j REJECT --reject-with tcp-reset
# $IPT -A OUTPUT -p udp -j REJECT
$IPT -P FORWARD DROP
# Auf loopback alles erlauben
$IPT -A INPUT -i lo -p all -j ACCEPT
$IPT -A OUTPUT -o lo -p all -j ACCEPT
# Wir erlauben nun pauschal alle Verbindungen, die zu bereits
# aufgebauten Verbindungen gehören. WELCHE Verbindungen aufgebaut
# werden dürfen, regeln wir anschließend.
# Wir ziehen diesen Regelsatz vor, da wir Rechenpower sparen: Ein
# Großteil der Pakete wird durch diese Regel durchgelassen, und so
# können wir recht früh die Prüfung beenden.
$IPT -A INPUT -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p UDP -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -p UDP -m state --state ESTABLISHED,RELATED -j ACCEPT
#
# Benötigte Dienste müssen wir nun einzeln freischalten:
#
# Mailempfang SMTP weltweit
#$IPT -A INPUT -p TCP -d $ip_nr --sport 1024: --dport 25 \
#$IPT -A INPUT -p TCP -d $ip_nr --dport 25 \
$IPT -A INPUT -p TCP -d $ip_nr --sport 1024: --dport 25 \
-m state --state NEW -j ACCEPT
# Alternativ-Beispiel: Mailempfang nur von den IPs 91.198.250.0/24
# zulassen -- beispielsweise einem externen Spamfilterservice:
#$IPT -A INPUT -p TCP -d \$ip_nr --sport 1024: --dport 25 \
# -s 91.198.250.0/24 -m state --state NEW -j ACCEPT
# Amavis als lokaler Server.
# $IPT -A INPUT -p TCP -s 127.0.0.1 -d 127.0.0.1 --sport 1024: --dport 10025 -m state --state NEW -j ACCEPT
# $IPT -A INPUT -p TCP -s 127.0.0.1 -d 127.0.0.1 --sport 1024: --dport 10024 -m state --state NEW -j ACCEPT
# $IPT -A OUTPUT -p TCP -s 127.0.0.1 -d 127.0.0.1 --sport 1024: --dport 10025 -m state --state NEW -j ACCEPT
# $IPT -A OUTPUT -p TCP -s 127.0.0.1 -d 127.0.0.1 --sport 1024: --dport 10024 -m state --state NEW -j ACCEPT
# Der Server darf Nachrichten an pyzor-Server senden:
$IPT -A OUTPUT -p TCP -s $ip_nr --sport 1024: --dport 24441 -m state --state NEW -j ACCEPT
$IPT -A OUTPUT -p UDP -s $ip_nr --sport 1024: --dport 24441 -m state --state NEW -j ACCEPT
# Der Server darf Nachrichten an razor2-Server senden:
$IPT -A OUTPUT -p TCP -s $ip_nr --sport 1024: --dport 2703 -m state --state NEW -j ACCEPT
$IPT -A OUTPUT -p TCP -s $ip_nr --sport 1024: --dport 7 -m state --state NEW -j ACCEPT
# Mailversand weltweit
#$IPT -A OUTPUT -p TCP -s $ip_nr --sport 25 --dport 1024: \
#$IPT -A OUTPUT -p TCP -s $ip_nr --sport 1024: --dport 25 \
$IPT -A OUTPUT -p TCP -s $ip_nr --sport 1024: --dport 25 \
-m state --state NEW -j ACCEPT
# POP3, POP3s, IMAP, IMAPs aus dem LAN erlauben 110 143 993 995
$IPT -A INPUT -p TCP -d $ip_nr \
--sport 1024: --dport 143 \
-m state --state NEW -j ACCEPT
# Der Server darf NTP-Server abfragen:
$IPT -A OUTPUT -p TCP -s $ip_nr --sport ntp --dport ntp -m state --state NEW -j ACCEPT
$IPT -A OUTPUT -p UDP -s $ip_nr --sport ntp --dport ntp -m state --state NEW -j ACCEPT
# Der Server darf http-Server abfragen:
$IPT -A OUTPUT -p TCP -s $ip_nr --sport 1024: --dport 80 -m state --state NEW -j ACCEPT
# Der Server darf ftp-Server abfragen:
#$IPT -A OUTPUT -p TCP -s $ip_nr --sport 1024: --dport ftp -m state --state NEW -j ACCEPT
#$IPT -A OUTPUT -p TCP --sport 1024: --dport 1024: -m state --state NEW -j ACCEPT
# alternativ ==> s. u.
#$IPT -A OUTPUT -p TCP -o eth0 --sport 1024: --dport ftp -m state --state NEW -j ACCEPT
#$IPT -A OUTPUT -p TCP -o eth0 --sport 1024: --dport 1024: -m state --state NEW -j ACCEPT
# Anfragen an den DNS-Server unseres LANs (TCP und UDP) erlauben
# (angenommen, unser Mailserver nutzt ausgehend einen Port >1024)
$IPT -A OUTPUT -p TCP -s $ip_nr -d $ip_ldns \
--sport 1024: --dport 53 \
-m state --state NEW -j ACCEPT
$IPT -A OUTPUT -p UDP -s $ip_nr -d $ip_ldns \
--sport 1024: --dport 53 \
-m state --state NEW -j ACCEPT
# LDAP-Zugriff erlauben.
$IPT -A OUTPUT -p TCP -s $ip_nr -d $ip_lldap \
--sport 1024: --dport 389 \
-m state --state NEW -j ACCEPT
# Sofern SSH tatsächlich eingesetzt wird, schalten wir es
# noch für einige IP-Nummern/Netze frei:
# Unser LAN:
$IPT -A INPUT -p TCP -d $ip_nr -s $ip_lnet \
--sport 1024: --dport 22 \
-m state --state NEW -j ACCEPT
# Sofern SSH tatsächlich eingesetzt wird, schalten wir es
# noch für einige IP-Nummern/Netze frei:
# Unser LAN:
$IPT -A OUTPUT -p TCP -s $ip_nr -d $ip_lnet \
--sport 1024: --dport 22 \
-m state --state NEW -j ACCEPT
# Sofern SSH tatsächlich eingesetzt wird, schalten wir es
# noch für einige IP-Nummern/Netze frei:
# Unser LAN:
$IPT -A INPUT -p TCP -d 192.168.2.27 -s 192.168.2.0/24 \
--sport 1024: --dport 22 \
-m state --state NEW -j ACCEPT
# Sofern SSH tatsächlich eingesetzt wird, schalten wir es
# noch für einige IP-Nummern/Netze frei:
# Unser LAN:
$IPT -A OUTPUT -p TCP -s 192.168.2.27 -d $ip_backupsrv \
--sport 1024: --dport 22 \
-m state --state NEW -j ACCEPT
# Hylafax (lokal)
#A $IPT -A OUTPUT -p TCP -s 127.0.0.1 -d 127.0.0.0/8 \
#A --sport 1024: --dport 4559 \
#A -m state --state NEW -j ACCEPT
# Hylafax (lokal)
#A $IPT -A INPUT -p TCP -s 127.0.0.0/8 -d 127.0.0.1 \
#A --sport 1024: --dport 4559 \
#A -m state --state NEW -j ACCEPT
# Hylafax (fuer eingehende Faxe)
$IPT -A INPUT -p TCP -d $ip_nr -s $ip_lnet \
--sport 1024: --dport 4559 \
-m state --state NEW -j ACCEPT
# Hylafax (fuer eingehende Faxe)
#$IPT -A OUTPUT -p TCP -s $ip_nr -d $ip_lnet \
# --sport 1024: --dport 4559 \
# -m state --state NEW -j ACCEPT
# Alles loggen
$IPT -A OUTPUT -j LOG --log-prefix="IPTABLES-OUTPUT: " --log-level 7
$IPT -A INPUT -j LOG --log-prefix="IPTABLES-INPUT: " --log-level 7
$IPT -A FORWARD -j LOG --log-prefix="IPTABLES-FORWARD: "
# Alles abweisen
$IPT -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset
$IPT -A OUTPUT -p udp -j REJECT
$IPT -A INPUT -p tcp -j REJECT --reject-with tcp-reset
$IPT -A INPUT -p udp -j REJECT
echo -n "ip-tables gestartet"
# Remember status and be verbose
rc_status -v
;;
stop)
#Alle Regeln loeschen
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X
$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
echo -n "ip-tables geloescht"
# Remember status and be verbose
rc_status -v
;;
status)
$IPT -L
$IPT -t nat -n -L
rc_status -v
;;
*)
echo "Usage: $0 {start|stop|status}"
exit 1
esac
rc_exit
-------------- nächster Teil --------------
Jul 30 09:27:53 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63762 DF PROTO=TCP SPT=1627 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:27:54 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60118 DF PROTO=TCP SPT=1466 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:27:54 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60120 DF PROTO=TCP SPT=1466 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:27:54 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:4b:3a:73:7a:08:00 SRC=192.168.1.123 DST=192.168.1.255 LEN=257 TOS=0x00 PREC=0x00 TTL=128 ID=7072 PROTO=UDP SPT=138 DPT=138 LEN=237
Jul 30 09:27:55 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60121 DF PROTO=TCP SPT=1466 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:27:55 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:4b:3a:73:7a:08:00 SRC=192.168.1.123 DST=192.168.1.255 LEN=257 TOS=0x00 PREC=0x00 TTL=128 ID=7077 PROTO=UDP SPT=138 DPT=138 LEN=237
Jul 30 09:27:55 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63799 DF PROTO=TCP SPT=1628 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:27:55 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:5b:79:68:e0:08:00 SRC=192.168.1.64 DST=192.168.1.255 LEN=229 TOS=0x00 PREC=0x00 TTL=64 ID=59770 PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:27:56 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63809 DF PROTO=TCP SPT=1628 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:27:56 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63822 DF PROTO=TCP SPT=1628 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:28:05 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0b:cd:a0:04:23:08:00 SRC=192.168.1.119 DST=192.168.1.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=9471 PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:28:15 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60181 DF PROTO=TCP SPT=1467 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:28:15 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60183 DF PROTO=TCP SPT=1467 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:28:16 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60184 DF PROTO=TCP SPT=1467 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:28:16 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=5759 DF PROTO=TCP SPT=1637 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:28:17 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=5765 DF PROTO=TCP SPT=1637 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:28:17 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=6489 DF PROTO=TCP SPT=1637 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:28:28 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0b:cd:50:0f:81:08:00 SRC=192.168.2.6 DST=192.168.2.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=10202 PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:28:28 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0b:cd:50:0f:82:08:00 SRC=192.168.1.6 DST=192.168.1.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=10203 PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:28:28 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1e:0b:d6:6a:32:08:00 SRC=192.168.2.25 DST=192.168.2.255 LEN=229 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:28:28 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1e:0b:d6:6a:34:08:00 SRC=192.168.1.25 DST=192.168.1.255 LEN=229 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:28:28 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1e:0b:d6:6a:32:08:00 SRC=192.168.2.25 DST=192.168.2.255 LEN=236 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=216
Jul 30 09:28:28 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1e:0b:d6:6a:34:08:00 SRC=192.168.1.25 DST=192.168.1.255 LEN=236 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=216
Jul 30 09:28:28 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:85:b8:45:47:08:00 SRC=192.168.1.28 DST=192.168.1.255 LEN=241 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=221
Jul 30 09:28:28 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:08:54:52:d8:af:08:00 SRC=192.168.2.20 DST=192.168.2.255 LEN=229 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:28:28 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:85:b8:45:47:08:00 SRC=192.168.1.28 DST=192.168.1.255 LEN=240 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=220
Jul 30 09:28:28 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:08:54:52:d8:af:08:00 SRC=192.168.2.20 DST=192.168.2.255 LEN=237 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=217
Jul 30 09:28:28 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:12:79:d2:1a:ae:08:00 SRC=192.168.1.20 DST=192.168.1.255 LEN=229 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:28:28 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:12:79:d2:1a:ae:08:00 SRC=192.168.1.20 DST=192.168.1.255 LEN=237 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=217
Jul 30 09:28:28 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:08:02:46:22:99:08:00 SRC=192.168.1.10 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:28:28 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:c0:b6:22:5f:3b:08:00 SRC=192.168.1.200 DST=192.168.1.255 LEN=240 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=220
Jul 30 09:28:28 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:5f:80:01:98:08:00 SRC=192.168.1.191 DST=192.168.1.255 LEN=245 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=225
Jul 30 09:28:28 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:c0:b6:22:67:27:08:00 SRC=192.168.1.150 DST=192.168.1.255 LEN=240 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=220
Jul 30 09:28:28 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:5f:80:01:98:08:00 SRC=192.168.1.191 DST=192.168.1.255 LEN=237 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=217
Jul 30 09:28:28 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:c0:b6:22:67:27:08:00 SRC=192.168.1.150 DST=192.168.1.255 LEN=240 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=220
Jul 30 09:28:28 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:08:02:47:28:5a:08:00 SRC=192.168.1.14 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=14089 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:28:29 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:08:02:46:22:99:08:00 SRC=192.168.1.10 DST=192.168.1.255 LEN=263 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=243
Jul 30 09:28:31 hmmailsrv kernel: IPTABLES-OUTPUT: IN= OUT=eth1 SRC=192.168.2.27 DST=192.168.2.26 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=7004 DF PROTO=TCP SPT=59716 DPT=389 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 30 09:28:34 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60610 DF PROTO=TCP SPT=1480 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:28:34 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60612 DF PROTO=TCP SPT=1480 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:28:35 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60615 DF PROTO=TCP SPT=1480 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:28:37 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60618 DF PROTO=TCP SPT=1481 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:28:37 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60620 DF PROTO=TCP SPT=1481 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:28:37 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=16755 DF PROTO=TCP SPT=1642 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:28:38 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60621 DF PROTO=TCP SPT=1481 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:28:38 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=16764 DF PROTO=TCP SPT=1642 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:28:38 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=16773 DF PROTO=TCP SPT=1642 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:28:43 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:fe:db:ca:d0:08:00 SRC=192.168.1.121 DST=192.168.1.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=52297 PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:28:57 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=25576 DF PROTO=TCP SPT=1656 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:28:58 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60635 DF PROTO=TCP SPT=1482 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:28:58 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=26397 DF PROTO=TCP SPT=1656 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:28:58 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60637 DF PROTO=TCP SPT=1482 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:28:58 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=26490 DF PROTO=TCP SPT=1656 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:28:58 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60676 DF PROTO=TCP SPT=1482 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:28:59 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=26536 DF PROTO=TCP SPT=1657 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:29:00 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0b:cd:a0:04:88:08:00 SRC=192.168.1.114 DST=192.168.1.255 LEN=255 TOS=0x00 PREC=0x00 TTL=128 ID=61814 PROTO=UDP SPT=138 DPT=138 LEN=235
Jul 30 09:29:00 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=26545 DF PROTO=TCP SPT=1657 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:29:00 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=26657 DF PROTO=TCP SPT=1657 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:29:10 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1a:4b:3a:73:7a:08:00 SRC=192.168.1.123 DST=192.168.1.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=7180 PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:29:14 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:a4:44:a7:ae:08:00 SRC=192.168.2.111 DST=192.168.2.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=63841 PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:29:18 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60791 DF PROTO=TCP SPT=1485 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:29:19 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60793 DF PROTO=TCP SPT=1485 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:29:19 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60794 DF PROTO=TCP SPT=1485 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:29:20 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=36714 DF PROTO=TCP SPT=1670 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:29:21 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=36723 DF PROTO=TCP SPT=1670 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:29:21 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=36732 DF PROTO=TCP SPT=1670 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:29:29 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0b:cd:9f:ee:23:08:00 SRC=192.168.1.140 DST=192.168.1.255 LEN=257 TOS=0x00 PREC=0x00 TTL=128 ID=59138 PROTO=UDP SPT=138 DPT=138 LEN=237
Jul 30 09:29:31 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0b:cd:a0:04:9b:08:00 SRC=192.168.1.116 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=36657 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:29:32 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0b:cd:a0:04:9b:08:00 SRC=192.168.1.116 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=36658 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:29:33 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0b:cd:a0:04:9b:08:00 SRC=192.168.1.116 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=36659 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:29:33 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0b:cd:a0:04:9b:08:00 SRC=192.168.1.116 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=36661 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:29:34 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0b:cd:a0:04:9b:08:00 SRC=192.168.1.116 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=36679 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:29:35 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0b:cd:a0:04:9b:08:00 SRC=192.168.1.116 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=36680 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:29:38 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60936 DF PROTO=TCP SPT=1486 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:29:39 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60938 DF PROTO=TCP SPT=1486 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:29:39 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60939 DF PROTO=TCP SPT=1486 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:29:40 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60942 DF PROTO=TCP SPT=1487 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:29:41 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60944 DF PROTO=TCP SPT=1487 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:29:41 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=49438 DF PROTO=TCP SPT=1671 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:29:41 hmmailsrv kernel: IPTABLES-OUTPUT: IN= OUT=eth1 SRC=192.168.2.27 DST=192.168.2.26 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=40707 DF PROTO=TCP SPT=58273 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 30 09:29:41 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=60945 DF PROTO=TCP SPT=1487 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:29:42 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=49451 DF PROTO=TCP SPT=1671 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:29:42 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0b:cd:a0:3d:0b:08:00 SRC=192.168.1.129 DST=192.168.1.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=5614 PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:29:42 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=49517 DF PROTO=TCP SPT=1671 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:29:46 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:05:b1:de:64:08:00 SRC=192.168.2.140 DST=192.168.2.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=49169 PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:30:01 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=01:00:5e:00:00:fb:00:1e:0b:d6:df:ac:08:00 SRC=192.168.1.26 DST=224.0.0.251 LEN=64 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=44
Jul 30 09:30:01 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=01:00:5e:00:00:fb:00:1e:0b:d6:df:aa:08:00 SRC=192.168.2.26 DST=224.0.0.251 LEN=64 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=44
Jul 30 09:30:01 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=62841 DF PROTO=TCP SPT=1489 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:30:02 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=62843 DF PROTO=TCP SPT=1489 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:30:02 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:c0:b6:22:5f:3b:08:00 SRC=192.168.1.200 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:30:02 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1e:0b:d6:df:aa:08:00 SRC=192.168.2.26 DST=192.168.2.255 LEN=229 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:30:02 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1e:0b:d6:df:aa:08:00 SRC=192.168.2.26 DST=192.168.2.255 LEN=237 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=217
Jul 30 09:30:02 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=62844 DF PROTO=TCP SPT=1489 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:30:02 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=57533 DF PROTO=TCP SPT=1672 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:30:03 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=58246 DF PROTO=TCP SPT=1672 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:30:03 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=58255 DF PROTO=TCP SPT=1672 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:30:03 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=58258 DF PROTO=TCP SPT=1673 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:30:04 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=58267 DF PROTO=TCP SPT=1673 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:30:05 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=58276 DF PROTO=TCP SPT=1673 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:30:05 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:05:4d:d5:48:08:00 SRC=192.168.2.136 DST=192.168.2.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=29321 PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:30:11 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:05:1c:af:00:08:00 SRC=192.168.1.139 DST=192.168.1.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=56844 PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:30:14 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:d1:5b:ba:57:08:00 SRC=192.168.2.213 DST=192.168.2.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=35340 PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:30:16 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:00:45:4f:ab:08:00 SRC=192.168.2.45 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=39183 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:30:16 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:00:45:4f:ab:08:00 SRC=192.168.2.45 DST=192.168.2.255 LEN=257 TOS=0x00 PREC=0x00 TTL=128 ID=39184 PROTO=UDP SPT=138 DPT=138 LEN=237
Jul 30 09:30:22 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63351 DF PROTO=TCP SPT=1490 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:30:23 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63354 DF PROTO=TCP SPT=1490 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:30:23 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63355 DF PROTO=TCP SPT=1490 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:30:25 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=62522 DF PROTO=TCP SPT=1674 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:30:25 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=62531 DF PROTO=TCP SPT=1674 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:30:26 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=62540 DF PROTO=TCP SPT=1674 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:30:28 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:05:65:47:2f:08:00 SRC=192.168.1.162 DST=192.168.1.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=51667 PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:30:29 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:18:71:70:86:c5:08:00 SRC=192.168.2.106 DST=192.168.2.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=2102 PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:30:32 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=63692 PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:30:34 hmmailsrv kernel: IPTABLES-OUTPUT: IN= OUT=eth0 SRC=192.168.1.27 DST=192.168.1.26 LEN=116 TOS=0x00 PREC=0xC0 TTL=64 ID=56575 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.168.1.26 DST=192.168.1.27 LEN=88 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=43246 LEN=68 ]
Jul 30 09:30:43 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63420 DF PROTO=TCP SPT=1492 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:30:44 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63422 DF PROTO=TCP SPT=1492 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:30:44 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63423 DF PROTO=TCP SPT=1492 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:30:44 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63425 DF PROTO=TCP SPT=1493 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:30:45 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63427 DF PROTO=TCP SPT=1493 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:30:45 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63428 DF PROTO=TCP SPT=1493 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:30:45 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:18:71:70:bb:24:08:00 SRC=192.168.2.118 DST=192.168.2.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=51794 PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:30:46 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=510 DF PROTO=TCP SPT=1675 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:30:46 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=520 DF PROTO=TCP SPT=1675 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:30:47 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=530 DF PROTO=TCP SPT=1675 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:30:52 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:05:66:90:59:08:00 SRC=192.168.1.122 DST=192.168.1.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=24510 PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:31:03 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2667 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:04 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2672 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:04 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2674 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:04 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2676 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:05 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2678 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:05 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2680 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:05 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63487 DF PROTO=TCP SPT=1494 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:31:06 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63489 DF PROTO=TCP SPT=1494 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:31:06 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2683 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:06 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63490 DF PROTO=TCP SPT=1494 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:31:07 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2685 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:07 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=3923 DF PROTO=TCP SPT=1676 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:31:07 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=3932 DF PROTO=TCP SPT=1676 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:31:07 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2687 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:08 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=3957 DF PROTO=TCP SPT=1676 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:31:08 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2690 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:09 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=4676 DF PROTO=TCP SPT=1677 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:31:09 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2692 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:09 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=4685 DF PROTO=TCP SPT=1677 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:31:10 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=4695 DF PROTO=TCP SPT=1677 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:31:10 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2694 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:11 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2697 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:11 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2699 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:12 hmmailsrv kernel: IPTABLES-OUTPUT: IN= OUT=eth0 SRC=192.168.1.27 DST=192.168.1.26 LEN=116 TOS=0x00 PREC=0xC0 TTL=64 ID=56576 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.168.1.26 DST=192.168.1.27 LEN=88 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=21131 LEN=68 ]
Jul 30 09:31:12 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2701 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:22 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:c0:ee:1b:73:2b:08:00 SRC=192.168.1.40 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:26 hmmailsrv syslog-ng[1051]: last message repeated 3 times
Jul 30 09:31:26 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:c0:ee:1b:73:2b:08:00 SRC=192.168.1.40 DST=192.168.1.255 LEN=211 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=191
Jul 30 09:31:26 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63681 DF PROTO=TCP SPT=1495 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:31:27 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63685 DF PROTO=TCP SPT=1495 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:31:27 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63687 DF PROTO=TCP SPT=1495 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:31:29 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=7357 DF PROTO=TCP SPT=1678 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:31:29 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=8077 DF PROTO=TCP SPT=1678 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:31:29 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=8086 DF PROTO=TCP SPT=1678 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:31:33 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0b:cd:a0:04:88:08:00 SRC=192.168.1.114 DST=192.168.1.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=39172 PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:31:33 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:05:46:1c:6b:08:00 SRC=192.168.1.9 DST=192.168.1.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=24055 PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:31:36 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2825 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:36 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2826 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:37 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2829 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:37 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2830 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:37 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:05:46:1c:6b:08:00 SRC=192.168.1.9 DST=192.168.1.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=24059 PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:31:37 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2833 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:37 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2834 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:38 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2837 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:39 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2839 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:40 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2841 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:40 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2844 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:41 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2846 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:42 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2848 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:42 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=2850 PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:31:45 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:05:46:1c:6b:08:00 SRC=192.168.1.9 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=24060 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:45 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:04:5f:80:34:49:08:00 SRC=192.168.1.190 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:31:47 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63744 DF PROTO=TCP SPT=1496 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:31:47 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63746 DF PROTO=TCP SPT=1496 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:31:48 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63747 DF PROTO=TCP SPT=1496 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:31:49 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63749 DF PROTO=TCP SPT=1497 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:31:49 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63751 DF PROTO=TCP SPT=1497 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:31:49 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=11374 DF PROTO=TCP SPT=1679 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:31:50 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=11379 DF PROTO=TCP SPT=1679 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:31:50 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63754 DF PROTO=TCP SPT=1497 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:31:50 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=11388 DF PROTO=TCP SPT=1679 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:31:51 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:fe:db:ca:b6:08:00 SRC=192.168.1.130 DST=192.168.1.255 LEN=255 TOS=0x00 PREC=0x00 TTL=128 ID=39883 PROTO=UDP SPT=138 DPT=138 LEN=235
Jul 30 09:32:07 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:38:83:17:5c:08:00 SRC=192.168.2.206 DST=192.168.2.255 LEN=233 TOS=0x00 PREC=0x00 TTL=128 ID=2894 PROTO=UDP SPT=138 DPT=138 LEN=213
Jul 30 09:32:09 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:fe:db:ca:b6:08:00 SRC=192.168.1.130 DST=192.168.1.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=40107 PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:32:09 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63810 DF PROTO=TCP SPT=1498 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:32:09 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63812 DF PROTO=TCP SPT=1498 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:32:10 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:16:35:ac:c5:14:08:00 SRC=192.168.1.105 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=63814 DF PROTO=TCP SPT=1498 DPT=58940 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:32:10 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=14783 DF PROTO=TCP SPT=1680 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:32:11 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=14788 DF PROTO=TCP SPT=1680 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:32:11 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=14798 DF PROTO=TCP SPT=1680 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:32:12 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:17:a4:44:a7:8d:08:00 SRC=192.168.1.142 DST=192.168.1.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=56140 PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:32:13 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=14835 DF PROTO=TCP SPT=1681 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:32:14 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=14846 DF PROTO=TCP SPT=1681 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:32:14 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0b:cd:a0:04:88:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=329 TOS=0x00 PREC=0x00 TTL=128 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=309
Jul 30 09:32:14 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=00:1a:4b:d0:c7:26:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.27 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=15558 DF PROTO=TCP SPT=1681 DPT=60169 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 30 09:32:18 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:05:46:1c:6b:08:00 SRC=192.168.1.9 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=24101 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:32:18 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0b:cd:a0:04:88:08:00 SRC=192.168.1.114 DST=192.168.1.255 LEN=255 TOS=0x00 PREC=0x00 TTL=128 ID=5 PROTO=UDP SPT=138 DPT=138 LEN=235
Jul 30 09:32:18 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0b:cd:a0:04:88:08:00 SRC=192.168.1.114 DST=192.168.1.255 LEN=282 TOS=0x00 PREC=0x00 TTL=128 ID=6 PROTO=UDP SPT=138 DPT=138 LEN=262
Jul 30 09:32:18 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0b:cd:a0:04:88:08:00 SRC=192.168.1.114 DST=192.168.1.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=18 PROTO=UDP SPT=138 DPT=138 LEN=209
Jul 30 09:32:18 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0b:cd:a0:04:88:08:00 SRC=192.168.1.114 DST=192.168.1.255 LEN=255 TOS=0x00 PREC=0x00 TTL=128 ID=41 PROTO=UDP SPT=138 DPT=138 LEN=235
Jul 30 09:32:18 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0b:cd:a0:04:88:08:00 SRC=192.168.1.114 DST=192.168.1.255 LEN=255 TOS=0x00 PREC=0x00 TTL=128 ID=53 PROTO=UDP SPT=138 DPT=138 LEN=235
Jul 30 09:32:20 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=16422 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:32:21 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:19:bb:41:f6:cd:08:00 SRC=192.168.1.128 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=16645 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 09:32:21 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:05:49:9b:ac:08:00 SRC=192.168.1.13 DST=192.168.1.255 LEN=238 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=218
Jul 30 09:32:21 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:02:a5:47:5a:ed:08:00 SRC=192.168.2.13 DST=192.168.2.255 LEN=238 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=218
Jul 30 09:32:21 hmmailsrv kernel: IPTABLES-INPUT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:05:49:9b:ac:08:00 SRC=192.168.1.13 DST=192.168.1.255 LEN=238 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=218
Jul 30 09:32:21 hmmailsrv kernel: IPTABLES-INPUT: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:02:a5:47:5a:ed:08:00 SRC=192.168.2.13 DST=192.168.2.255 LEN=238 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=218
-------------- nächster Teil --------------
Jul 30 09:30:42 hmmailsrv postfix/smtpd[752]: connect from wsab.hofmann-intern.de[192.168.1.165]
Jul 30 09:30:42 hmmailsrv postfix/smtpd[752]: setting up TLS connection from wsab.hofmann-intern.de[192.168.1.165]
Jul 30 09:30:42 hmmailsrv postfix/smtpd[752]: TLS connection established from wsab.hofmann-intern.de[192.168.1.165]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-03) Net::Server: 2009/07/30-09:30:42 CONNECT TCP Peer: "127.0.0.1:33838" Local: "127.0.0.1:10024"
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-03) idle_proc, hi : was idle, 967166.4 ms, total idle 1675.807 s, busy 12.281 s
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-03) loaded base policy bank
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-03) lookup_ip_acl (inet_acl): key="127.0.0.1" matches "127.0.0.1", result=1
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-03) process_request: fileno sock=12, STDIN=0, STDOUT=1
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-03) switch_to_my_time 480 s, new request
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-03) process_request: suggested_protocol="" on TCP
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) SMTP> 220 [127.0.0.1] ESMTP amavisd-new service ready
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) switch_to_client_time 480 s, smtp response sent
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) idle_proc, 4: was busy, 1.9 ms, total idle 1675.807 s, busy 12.283 s
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) idle_proc, 5: was idle, 0.1 ms, total idle 1675.808 s, busy 12.283 s
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) SMTP< EHLO hmmailsrv.hofmann-intern.de\r\n
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) switch_to_my_time 480 s, SMTP EHLO received
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) ESMTP> 250-[127.0.0.1]
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) ESMTP> 250-VRFY
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) ESMTP> 250-PIPELINING
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) ESMTP> 250-SIZE
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) ESMTP> 250-ENHANCEDSTATUSCODES
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) ESMTP> 250-8BITMIME
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) ESMTP> 250-DSN
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) ESMTP> 250 XFORWARD NAME ADDR PROTO HELO
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) switch_to_client_time 480 s, smtp response sent
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) idle_proc, 6: was busy, 1.0 ms, total idle 1675.808 s, busy 12.284 s
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) idle_proc, 5: was idle, 0.1 ms, total idle 1675.808 s, busy 12.284 s
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) ESMTP< XFORWARD NAME=wsab.hofmann-intern.de ADDR=192.168.1.165 HELO=[192.168.1.165] PROTO=ESMTP\r\n
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) switch_to_my_time 480 s, SMTP XFORWARD received
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) ESMTP> 250 2.5.0 Ok XFORWARD
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) switch_to_client_time 480 s, smtp response sent
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) idle_proc, 6: was busy, 0.5 ms, total idle 1675.808 s, busy 12.284 s
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) idle_proc, 5: was idle, 0.1 ms, total idle 1675.808 s, busy 12.284 s
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) ESMTP< MAIL FROM:<a.busam at hofmann-foerdertechnik.com> SIZE=848\r\n
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) switch_to_my_time 480 s, SMTP MAIL received
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) check_mail_begin_task: task_count=4
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup_ip_acl (mynetworks): key="192.168.1.165" matches "192.168.0.0/16", result=1
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) loaded policy bank "MYNETS"
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup (debug_sender) => undef, "a.busam at hofmann-foerdertechnik.com" does not match
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) ESMTP> 250 2.1.0 Sender <a.busam at hofmann-foerdertechnik.com> OK
Jul 30 09:30:42 hmmailsrv postfix/smtpd[752]: NOQUEUE: client=wsab.hofmann-intern.de[192.168.1.165], sasl_method=PLAIN, sasl_username=a.busam at hofmann-foerdertechnik.com
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) switch_to_client_time 480 s, smtp response sent
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) idle_proc, 6: was busy, 1.4 ms, total idle 1675.808 s, busy 12.286 s
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) idle_proc, 5: was idle, 0.1 ms, total idle 1675.808 s, busy 12.286 s
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) ESMTP< RCPT TO:<a.busam at hofmann-foerdertechnik.com>\r\n
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) switch_to_my_time 480 s, SMTP RCPT received
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) ESMTP> 250 2.1.5 Recipient <a.busam at hofmann-foerdertechnik.com> OK
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) switch_to_client_time 480 s, smtp response sent
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) idle_proc, 6: was busy, 0.6 ms, total idle 1675.808 s, busy 12.286 s
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) idle_proc, 5: was idle, 0.8 ms, total idle 1675.809 s, busy 12.286 s
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) ESMTP< DATA\r\n
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) switch_to_my_time 480 s, SMTP DATA received
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) ESMTP::10024 /var/spool/amavis/tmp/amavis-20090730T090234-00436: <a.busam at hofmann-foerdertechnik.com> -> <a.busam at hofmann-foerdertechnik.com> SIZE=848 Received: from hmmailsrv.hofmann-intern.de ([127.0.0.1]) by localhost (hmmailsrv.hofmann-intern.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <a.busam at hofmann-foerdertechnik.com>; Thu, 30 Jul 2009 09:30:42 +0200 (CEST)
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) ESMTP> 354 End data with <CR><LF>.<CR><LF>
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) switch_to_client_time 480 s, smtp response sent
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) switch_to_client_time 480 s, receiving data
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) switch_to_my_time 480 s, data-end received
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) ESMTP< .<CR><LF>
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) Actual message size 1161 B greater than the declared 848 B
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup_acl(a.busam at hofmann-foerdertechnik.com), no match
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup (local_domains) => undef, "a.busam at hofmann-foerdertechnik.com" does not match
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) body type: unlabeled, but 8-bit body (h=0, b=1)
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) body hash: 06519c6725256f4dd954a03db4b6fc69
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) Original mail size: 1161; quota set to: 580500 bytes
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) Checking: I3A6AuMUn0nK MYNETS [192.168.1.165] <a.busam at hofmann-foerdertechnik.com> -> <a.busam at hofmann-foerdertechnik.com>
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) 2822.From: <a.busam at hofmann-foerdertechnik.com>
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) query_keys: a.busam at hofmann-foerdertechnik.com, a.busam@, hofmann-foerdertechnik.com, .hofmann-foerdertechnik.com, .com, .
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup_hash(a.busam at hofmann-foerdertechnik.com), no matches
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup (bypass_virus_checks) => undef, "a.busam at hofmann-foerdertechnik.com" does not match
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) Extracting mime components
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) Issued a new file name: p001
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) Charging 374 bytes to remaining quota 580500 (out of 580500, (0%)) - by mime_decode
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) p001 1 Content-Type: text/plain, size: 374 B, name:
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) prolong_timer mime_decode: remaining time = 480 s
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) prolong_timer mime_decode-1: remaining time = 480 s
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) decode_parts: level=1, #parts=1 : p001
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) run_command: [1111] /usr/bin/file p001 </dev/null 2>&1
Jul 30 09:30:42 hmmailsrv amavis[1111]: (00436-04) open_on_specific_fd: target fd0 closing, to become < /dev/null
Jul 30 09:30:42 hmmailsrv amavis[1111]: (00436-04) open_on_specific_fd: target fd2 closing, to become > &1
Jul 30 09:30:42 hmmailsrv amavis[1111]: (00436-04) open_on_specific_fd: target fd2 dup2 from fd1 > &1
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) result line from file(1): p001: ISO-8859 text\n
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup_re("ISO-8859 text") matches key "(?-xism:^ISO-8859.*\btext\b)", result="txt"
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup (map_full_type_to_short_type) => true, "ISO-8859 text" matches, result="txt", matching_key="(?-xism:^ISO-8859.*\\btext\\b)"
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) File-type of p001: ISO-8859 text; (txt)
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) decompose_part: p001 - atomic
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) prolong_timer parts_decode: remaining time = 480 s
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) query_keys: a.busam at hofmann-foerdertechnik.com, a.busam@, hofmann-foerdertechnik.com, .hofmann-foerdertechnik.com, .com, .
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup_hash(a.busam at hofmann-foerdertechnik.com), no matches
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup (bypass_header_checks) => undef, "a.busam at hofmann-foerdertechnik.com" does not match
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) check_header: 0, OK
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) query_keys: a.busam at hofmann-foerdertechnik.com, a.busam@, hofmann-foerdertechnik.com, .hofmann-foerdertechnik.com, .com, .
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup_hash(a.busam at hofmann-foerdertechnik.com), no matches
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup (bypass_header_checks) => undef, "a.busam at hofmann-foerdertechnik.com" does not match
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) Checking for banned types and filenames
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) query_keys: a.busam at hofmann-foerdertechnik.com, a.busam@, hofmann-foerdertechnik.com, .hofmann-foerdertechnik.com, .com, .
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup_hash(a.busam at hofmann-foerdertechnik.com), no matches
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup (bypass_banned_checks) => undef, "a.busam at hofmann-foerdertechnik.com" does not match
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup: (scalar) matches, result="DEFAULT"
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup (banned_filename), 1 matches for "a.busam at hofmann-foerdertechnik.com", results: "(constant:DEFAULT)"=>"DEFAULT"
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) collect banned table[0]: a.busam at hofmann-foerdertechnik.com, tables: DEFAULT=>Amavis::Lookup::RE=ARRAY(0x8ebccec)
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) starting banned checks - traversing message structure tree
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) check_for_banned (p001) text/plain,.txt
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) doing banned check for a.busam at hofmann-foerdertechnik.com on text/plain,.txt
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup_re(["text/plain",".txt"]), no matches
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup (check_bann:a.busam at hofmann-foerdertechnik.com) => undef, ["text/plain",".txt"] does not match
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) p.path a.busam at hofmann-foerdertechnik.com: "P=p001,L=1,M=text/plain,T=txt"
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) banned check: any=0, all=N (1)
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup_re("MAIL"), no matches
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup (keep_decoded_original) => undef, "MAIL" does not match
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) Using ClamAV-clamd: (built-in interface)
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) timer set to 320 s (was 480 s)
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) ask_av (ClamAV-clamd): query template1: CONTSCAN {}\n
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) Using (ClamAV-clamd) on dir: CONTSCAN /var/spool/amavis/tmp/amavis-20090730T090234-00436/parts\n
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) timer set to 10 s (was 320 s)
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) ClamAV-clamd: Connecting to socket /var/lib/clamav/clamd-socket
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) ClamAV-clamd: Sending CONTSCAN /var/spool/amavis/tmp/amavis-20090730T090234-00436/parts\n to UNIX socket /var/lib/clamav/clamd-socket
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) prolong_timer ask_daemon_internal: timer set to 256 s
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) ask_av (ClamAV-clamd) result: /var/spool/amavis/tmp/amavis-20090730T090234-00436/parts: OK\n
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) ask_av (ClamAV-clamd): /var/spool/amavis/tmp/amavis-20090730T090234-00436/parts CLEAN
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) ClamAV-clamd result: clean
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) prolong_timer run_av: timer set to 480 s
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) query_keys: a.busam at hofmann-foerdertechnik.com, a.busam@, hofmann-foerdertechnik.com, .hofmann-foerdertechnik.com, .com, .
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup_hash(a.busam at hofmann-foerdertechnik.com), no matches
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup (bypass_virus_checks) => undef, "a.busam at hofmann-foerdertechnik.com" does not match
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) query_keys: a.busam at hofmann-foerdertechnik.com, a.busam@, hofmann-foerdertechnik.com, .hofmann-foerdertechnik.com, .com, .
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup_hash(a.busam at hofmann-foerdertechnik.com), no matches
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup (bypass_spam_checks) => undef, "a.busam at hofmann-foerdertechnik.com" does not match
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) wbl: checking sender <a.busam at hofmann-foerdertechnik.com>
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup (blacklist_recip<a.busam at hofmann-foerdertechnik.com>) => undef, "a.busam at hofmann-foerdertechnik.com" does not match
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) query_keys: a.busam at hofmann-foerdertechnik.com, a.busam@, hofmann-foerdertechnik.com, .hofmann-foerdertechnik.com, .com, .
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup_hash(a.busam at hofmann-foerdertechnik.com), no matches
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup (blacklist_sender) => undef, "a.busam at hofmann-foerdertechnik.com" does not match
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup (whitelist_recip<a.busam at hofmann-foerdertechnik.com>) => undef, "a.busam at hofmann-foerdertechnik.com" does not match
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) query_keys: a.busam at hofmann-foerdertechnik.com, a.busam@, hofmann-foerdertechnik.com, .hofmann-foerdertechnik.com, .com, .
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup_hash(a.busam at hofmann-foerdertechnik.com), no matches
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup (whitelist_sender) => undef, "a.busam at hofmann-foerdertechnik.com" does not match
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) query_keys: a.busam at hofmann-foerdertechnik.com, a.busam@, hofmann-foerdertechnik.com, .hofmann-foerdertechnik.com, .com, .
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup_hash(a.busam at hofmann-foerdertechnik.com) matches keys: "."=>ARRAY(0x8ebd0f4)
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup (score_sender), 1 matches for "a.busam at hofmann-foerdertechnik.com", results: "."=>[Amavis::Lookup::RE=ARRAY(0x8ebcee4),HASH(0x8ebcf50)]
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup_re("a.busam at hofmann-foerdertechnik.com"), no matches
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) query_keys: a.busam at hofmann-foerdertechnik.com, a.busam@, hofmann-foerdertechnik.com, .hofmann-foerdertechnik.com, .com, .
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup_hash(a.busam at hofmann-foerdertechnik.com), no matches
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) lookup (score_sender<a.busam at hofmann-foerdertechnik.com>) => undef, "a.busam at hofmann-foerdertechnik.com" does not match
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) SpamControl: calling spam scanner
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) spam_scan: DSPAM not available, skipping it
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) timer set to 320 s for SA (was 480 s)
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) calling SA parse, SA version 3.2.5, 3.002005
Jul 30 09:30:42 hmmailsrv amavis[436]: (00436-04) CALLING SA check
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) prolong_timer spam_scan_sa_finish: timer set to 475 s
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) spam_scan: score=-4.057 autolearn=ham tests=[ALL_TRUSTED=-1.8,AWL=0.342,BAYES_00=-2.599]
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) prolong_timer spam_scan: remaining time = 475 s
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) enqueue: stat is not numeric: ""
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) lookup: (scalar) matches, result="2"
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) lookup (spam_tag_level) => true, "a.busam at hofmann-foerdertechnik.com" matches, result="2", matching_key="(constant:2)"
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) lookup: (scalar) matches, result="6.31"
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) lookup (spam_tag2_level) => true, "a.busam at hofmann-foerdertechnik.com" matches, result="6.31", matching_key="(constant:6.31)"
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) lookup (spam_tag3_level) => undef, "a.busam at hofmann-foerdertechnik.com" does not match
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) lookup: (scalar) matches, result="6.31"
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) lookup (spam_kill_level) => true, "a.busam at hofmann-foerdertechnik.com" matches, result="6.31", matching_key="(constant:6.31)"
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) query_keys: a.busam at hofmann-foerdertechnik.com, a.busam@, hofmann-foerdertechnik.com, .hofmann-foerdertechnik.com, .com, .
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) lookup_hash(a.busam at hofmann-foerdertechnik.com), no matches
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) lookup (bypass_spam_checks) => undef, "a.busam at hofmann-foerdertechnik.com" does not match
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) final_destiny (ccat=0) is PASS, recip a.busam at hofmann-foerdertechnik.com
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) final_destiny PASS, recip a.busam at hofmann-foerdertechnik.com
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) do_notify_and_quar: ccat=Clean (1,0) ("1":Clean, "0":CatchAll) ccat_block=(), q_mth=, qar_mth=
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) skip admin notification, no administrators
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) do_notify_and_quarantine - done
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) lookup: (scalar) matches, result="2"
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) lookup (spam_tag_level) => true, "a.busam at hofmann-foerdertechnik.com" matches, result="2", matching_key="(constant:2)"
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) lookup: (scalar) matches, result="6.31"
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) lookup (spam_tag2_level) => true, "a.busam at hofmann-foerdertechnik.com" matches, result="6.31", matching_key="(constant:6.31)"
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) headers CLUSTERING: NEW CLUSTER <a.busam at hofmann-foerdertechnik.com>: score=-4.057, tag=0, tag2=0, local=0, bl=, s=, mangle=
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) header: X-Virus-Scanned: amavisd-new at hofmann-intern.de\n
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) header: Received: from hmmailsrv.hofmann-intern.de ([127.0.0.1])\n\tby localhost (hmmailsrv.hofmann-intern.de [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id I3A6AuMUn0nK for <a.busam at hofmann-foerdertechnik.com>;\n\tThu, 30 Jul 2009 09:30:42 +0200 (CEST)\n
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) headers CLUSTERING: done all 1 recips in one go
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) (about to connect to [127.0.0.1]:10025) FWD via SMTP: <a.busam at hofmann-foerdertechnik.com> -> <a.busam at hofmann-foerdertechnik.com>
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) smtp creating socket by IO::Socket::INET: 127.0.0.1
Jul 30 09:30:47 hmmailsrv postfix/smtpd[1098]: connect from localhost[127.0.0.1]
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop: needline=1, flush=0, wr=0, timeout=30
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop: receiving
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop read 47 chars< 220 hmmailsrv.hofmann-intern.de ESMTP Postfix\r\n
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) smtp resp to greeting: 220 hmmailsrv.hofmann-intern.de ESMTP Postfix
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) smtp cmd> EHLO localhost
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop: needline=0, flush=1, wr=1, timeout=300
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop: sending
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop send 16> EHLO localhost\r\n
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop: needline=1, flush=0, wr=0, timeout=300
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop: receiving
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop read 224 chars< 250-hmmailsrv.hofmann-intern.de\r\n250-PIPELINING\r\n250-SIZE 50000000\r\n250-VRFY\r\n250-ETRN\r\n250-STARTTLS\r\n250-AUTH PLAIN\r\n250-AUTH=PLAIN\r\n250-XFORWARD NAME ADDR PROTO HELO SOURCE\r\n250-ENHANCEDSTATUSCODES\r\n250-8BITMIME\r\n250 DSN\r\n
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) smtp resp to EHLO: 250 hmmailsrv.hofmann-intern.de\nPIPELINING\nSIZE 50000000\nVRFY\nETRN\nSTARTTLS\nAUTH PLAIN\nAUTH=PLAIN\nXFORWARD NAME ADDR PROTO HELO SOURCE\nENHANCEDSTATUSCODES\n8BITMIME\nDSN
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) Remote host presents itself as: hmmailsrv.hofmann-intern.de, handles DSN, handles PIPELINING
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) smtp cmd> XFORWARD ADDR=192.168.1.165 NAME=wsab.hofmann-intern.de PROTO=ESMTP HELO=[192.168.1.165]
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop: needline=0, flush=1, wr=1, timeout=300
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop: sending
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop send 90> XFORWARD ADDR=192.168.1.165 NAME=wsab.hofmann-intern.de PROTO=ESMTP HELO=[192.168.1.165]\r\n
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop: needline=1, flush=0, wr=0, timeout=300
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop: receiving
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop read 14 chars< 250 2.0.0 Ok\r\n
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) smtp resp to XFORWARD: 250 2.0.0 Ok
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) AUTH not needed, user='', MTA offers 'PLAIN'
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) smtp cmd> MAIL FROM:<a.busam at hofmann-foerdertechnik.com>
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) smtp cmd> RCPT TO:<a.busam at hofmann-foerdertechnik.com>
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) smtp cmd> DATA
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop: needline=0, flush=1, wr=1, timeout=120
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop: sending
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop send 100> MAIL FROM:<a.busam at hofmann-foerdertechnik.com>\r\nRCPT TO:<a.busam at hofmann-foerdertechnik.com>\r\nDATA\r\n
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop: needline=1, flush=0, wr=0, timeout=300
Jul 30 09:30:47 hmmailsrv postfix/smtpd[1098]: 303054045: client=wsab.hofmann-intern.de[192.168.1.165]
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop: receiving
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop read 65 chars< 250 2.1.0 Ok\r\n250 2.1.5 Ok\r\n354 End data with <CR><LF>.<CR><LF>\r\n
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) smtp resp to MAIL (pip): 250 2.1.0 Ok
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) smtp resp to RCPT (pip) (<a.busam at hofmann-foerdertechnik.com>): 250 2.1.5 Ok, id=00436-04, from MTA([127.0.0.1]:10025): 250 2.1.5 Ok
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) smtp resp to DATA: 354 End data with <CR><LF>.<CR><LF>
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) write_header: 0, Amavis::Out::SMTP::Protocol=HASH(0xaa1ec28)
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) smtp cmd> QUIT
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop: needline=0, flush=1, wr=1, timeout=475
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop: sending
Jul 30 09:30:47 hmmailsrv postfix/cleanup[1099]: 303054045: message-id=<4A714C1E.606 at hofmann-foerdertechnik.com>
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop send 1474> X-Virus-Scanned: amavisd-new at hofmann-intern.de\r\nReceived: from hmmailsrv.hofmann-intern.de ([127.0.0.1])\r\n\tby localhost (hmmailsrv.hofmann-intern.de [127.0.0.1]) (amavisd-new, port 10024)\r\n\twith ES [...]
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop: needline=1, flush=0, wr=0, timeout=475
Jul 30 09:30:47 hmmailsrv postfix/qmgr[1368]: 303054045: from=<a.busam at hofmann-foerdertechnik.com>, size=1665, nrcpt=1 (queue active)
Jul 30 09:30:47 hmmailsrv postfix/smtpd[1098]: disconnect from localhost[127.0.0.1]
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop: receiving
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rw_loop read 50 chars< 250 2.0.0 Ok: queued as 303054045\r\n221 2.0.0 Bye\r\n
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) smtp resp to data-dot (<a.busam at hofmann-foerdertechnik.com>): 250 2.0.0 Ok: queued as 303054045
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) smtp resp to QUIT: 221 2.0.0 Bye
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) prolong_timer fwd-end-chkpnt: timer set to 475 s
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) FWD via SMTP: <a.busam at hofmann-foerdertechnik.com> -> <a.busam at hofmann-foerdertechnik.com>, 250 2.6.0 Ok, id=00436-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 303054045
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) prolong_timer forwarding: remaining time = 475 s
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) lookup: (scalar) matches, result="10"
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) lookup (spam_dsn_cutoff_level_bysender) => true, "a.busam at hofmann-foerdertechnik.com" matches, result="10", matching_key="(constant:10)"
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) dsn: from MTA 250 NonBlocking:Clean <a.busam at hofmann-foerdertechnik.com> -> <a.busam at hofmann-foerdertechnik.com>: on_succ=0, on_dly=1, on_fail=1, never=0, warn_sender=, DSN_passed_on=1, mta_resp: "250 2.0.0 Ok: queued as 303054045"
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) DSN: SUCC from MTA 250 NonBlocking:Clean, no DSN requested: <a.busam at hofmann-foerdertechnik.com> -> <a.busam at hofmann-foerdertechnik.com>
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) one_response_for_all <a.busam at hofmann-foerdertechnik.com>: success, r=0,b=0,d=0, ndn_needed=0, '250 2.0.0 Ok: queued as 303054045'
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) notif=N, suppressed=0, ndn_needed=0, exit=0, 250 2.0.0 Ok: queued as 303054045
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) prolong_timer delivery-notification: remaining time = 475 s
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) parse_received: from = [192.168.1.165] (wsab.hofmann-intern.de [192.168.1[...]/[192.168.1.165]/wsab.hofmann-intern.de/192.168.1.165
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) parse_received: by = hmmailsrv.hofmann-intern.de /hmmailsrv.hofmann-intern.de//
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) parse_received: with = ESMTP\t/ESMTP\t//
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) parse_received: for = <a.busam at hofmann-foerdertechnik.com>/<a.busam at hofmann-foerdertechnik.com>//
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) parse_received: ; = Thu, 30 Jul 2009 09:30:42 +0200 (CEST)/Thu, 30 Jul 2009 09:30:42 +0200 (CEST)//
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) fish_out_ip_from_received: 192.168.1.165, [192.168.1.165] (wsab.hofmann-intern.de [192.168.1.165])\t
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) lookup_ip_acl (publicnetworks): key="192.168.1.165" matches "!192.168.0.0/16", result=0
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) best_try_originator_ip: 192.168.1.165
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) Passed CLEAN, MYNETS LOCAL [192.168.1.165] [192.168.1.165] <a.busam at hofmann-foerdertechnik.com> -> <a.busam at hofmann-foerdertechnik.com>, Message-ID: <4A714C1E.606 at hofmann-foerdertechnik.com>, mail_id: I3A6AuMUn0nK, Hits: -4.057, size: 1161, queued_as: 303054045, 4972 ms
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) prolong_timer main_log_entry: remaining time = 475 s
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) Syslog warnings: 1 x Connection refused
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) updating snmp variables
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) prolong_timer check done: remaining time = 475 s
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) sending SMTP response: "250 2.0.0 Ok: queued as 303054045"
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) ESMTP> 250 2.0.0 Ok: queued as 303054045
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) switch_to_client_time 480 s, smtp response sent
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) TempDir::strip: /var/spool/amavis/tmp/amavis-20090730T090234-00436
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) rmdir_recursively: /var/spool/amavis/tmp/amavis-20090730T090234-00436/parts, excl=1
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) TIMING [total 4976 ms] - SMTP greeting: 2 (0%)0, SMTP EHLO: 1 (0%)0, SMTP pre-MAIL: 1 (0%)0, SMTP pre-DATA-flush: 3 (0%)0, SMTP DATA: 45 (1%)1, check_init: 1 (0%)1, digest_hdr: 0 (0%)1, digest_body: 0 (0%)1, gen_mail_id: 1 (0%)1, mime_decode: 6 (0%)1, get-file-type1: 10 (0%)1, parts_decode: 0 (0%)1, check_header: 2 (0%)1, AV-scan-1: 5 (0%)2, spam-wb-list: 4 (0%)2, SA msg read: 1 (0%)2, SA parse: 2 (0%)2, SA check: 4849 (97%)99, update_cache: 5 (0%)99, decide_mail_destiny: 2 (0%)99, fwd-connect: 7 (0%)99, fwd-xforward: 1 (0%)99, fwd-mail-pip: 4 (0%)100, fwd-rcpt-pip: 0 (0%)100, fwd-data-chkpnt: 0 (0%)100, write-header: 1 (0%)100, fwd-data-contents: 0 (0%)100, fwd-end-chkpnt: 10 (0%)100, prepare-dsn: 1 (0%)100, main_log_entry: 8 (0%)100, update_snmp: 2 (0%)100, SMTP pre-response: 0 (0%)100, SMTP response: 0 (0%)100, unlink-1-files: 0 (0%)100, rundown: 0 (0%)100
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) idle_proc, 6: was busy, 4970.1 ms, total idle 1675.809 s, busy 17.256 s
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) idle_proc, 5: was idle, 0.2 ms, total idle 1675.809 s, busy 17.256 s
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) ESMTP< QUIT\r\n
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) switch_to_my_time 480 s, SMTP QUIT received
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) ESMTP> 221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) switch_to_client_time 480 s, smtp response sent
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) SMTP session over, timer stopped
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) exiting process_request
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) post_process_request_hook: timer was not running
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) idle_proc, bye: was busy, 1.9 ms, total idle 1675.809 s, busy 17.258 s
Jul 30 09:30:47 hmmailsrv amavis[436]: (00436-04) load: 1 %, total idle 1675.809 s, busy 17.258 s
Jul 30 09:30:47 hmmailsrv postfix/pipe[1101]: 303054045: to=<a.busam at hofmann-foerdertechnik.com>, relay=dovecot, delay=0.03, delays=0.01/0/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
Jul 30 09:30:47 hmmailsrv postfix/qmgr[1368]: 303054045: removed
Mehr Informationen über die Mailingliste Postfixbuch-users