Odd Time Stamp Showing Up In Logs

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Odd Time Stamp Showing Up In Logs

asai
Greetings,

Every so often in the maillogs I see something like this:
Mar  2 20:43:12 triata postfix/smtpd[14482]: disconnect from
unknown[127.0.0.1]

This was taken from about 10 minutes ago.  The odd thing here is the
time stamp.  It's saying 8 PM, and it's 1 PM US MST.  All of the other
time entries are showing up normally, except for this kind of entry.

Does anyone have any insight here?

--
--asai

Reply | Threaded
Open this post in threaded view
|

Re: Odd Time Stamp Showing Up In Logs

/dev/rob0
On Wed, Mar 02, 2011 at 01:51:25PM -0700, Asai wrote:
> Every so often in the maillogs I see something like this:
> Mar  2 20:43:12 triata postfix/smtpd[14482]: disconnect from
> unknown[127.0.0.1]
>
> This was taken from about 10 minutes ago.  The odd thing here is
> the time stamp.  It's saying 8 PM, and it's 1 PM US MST.  All of

Looks like UTC.

> the other time entries are showing up normally, except for this
> kind of entry.
>
> Does anyone have any insight here?

Postfix does not write these log files, your syslogd(8) does. I'll
offer a WAG here that you're using a prepackaged Postfix, and didn't
see the packager's README. I'll further guess that the packager
unwisely changed the default of non-chrooted Postfix.

    http://www.postfix.org/DEBUG_README.html#no_chroot
--
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header
Reply | Threaded
Open this post in threaded view
|

Re: Odd Time Stamp Showing Up In Logs

mouss-4
In reply to this post by asai
Le 02/03/2011 21:51, Asai a écrit :

> Greetings,
>
> Every so often in the maillogs I see something like this:
> Mar  2 20:43:12 triata postfix/smtpd[14482]: disconnect from
> unknown[127.0.0.1]
>
> This was taken from about 10 minutes ago.  The odd thing here is the
> time stamp.  It's saying 8 PM, and it's 1 PM US MST.  All of the other
> time entries are showing up normally, except for this kind of entry.
>
> Does anyone have any insight here?
>

most probably, your smtpd is chrooted and /etc/localtime isn't copied to
the chroot cage.

what do you get when you do:
        grep smtpd master.cf
?

try:

cp /etc/localtime /var/spool/postfix/etc/
postfix stop
postfix start
Reply | Threaded
Open this post in threaded view
|

Re: Odd Time Stamp Showing Up In Logs

asai
On 3/2/2011 3:14 PM, mouss wrote:

> Le 02/03/2011 21:51, Asai a écrit :
>> Greetings,
>>
>> Every so often in the maillogs I see something like this:
>> Mar  2 20:43:12 triata postfix/smtpd[14482]: disconnect from
>> unknown[127.0.0.1]
>>
>> This was taken from about 10 minutes ago.  The odd thing here is the
>> time stamp.  It's saying 8 PM, and it's 1 PM US MST.  All of the other
>> time entries are showing up normally, except for this kind of entry.
>>
>> Does anyone have any insight here?
>>
> most probably, your smtpd is chrooted and /etc/localtime isn't copied to
> the chroot cage.
>
> what do you get when you do:
> grep smtpd master.cf
> ?
>
> try:
>
> cp /etc/localtime /var/spool/postfix/etc/
> postfix stop
> postfix start
smtp      inet  n       -       n       -       -       smtpd
587             inet      n             -               n              
-               -                 smtpd
#submission inet n       -       n       -       -       smtpd
#  -o smtpd_enforce_tls=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps     inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
127.0.0.1:10025 inet n  -       y     -       -  smtpd
     -o smtpd_restriction_classes=
     -o smtpd_delay_reject=no
     -o smtpd_client_restrictions=permit_mynetworks,reject
     -o smtpd_helo_restrictions=
     -o smtpd_sender_restrictions=
     -o smtpd_recipient_restrictions=permit_mynetworks,reject
     -o smtpd_error_sleep_time=0
     -o smtpd_soft_error_limit=1001
     -o smtpd_hard_error_limit=1000
     -o smtpd_client_connection_count_limit=0
     -o smtpd_client_connection_rate_limit=0
#       -o smtpd_sender_restrictions=${postfilter_sender_restrictions}

Tried copying localtime to var/spool/postfix/etc and restarted... still
see UTC

--
--asai

Reply | Threaded
Open this post in threaded view
|

Re: Odd Time Stamp Showing Up In Logs

Victor Duchovni
On Wed, Mar 02, 2011 at 03:37:44PM -0700, Asai wrote:

> smtp            inet  n       -       n       -       -       smtpd
> 587             inet  n       -       n       -       -       smtpd
> 127.0.0.1:10025 inet  n       -       y       -       -       smtpd

The first two are fine, the third is chrooted, which is unlikely what
you want, especially since this is the least vulnerable instance as it
listens on the loopback address.

--
        Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: Odd Time Stamp Showing Up In Logs

asai
In reply to this post by /dev/rob0
On 3/2/2011 2:24 PM, /dev/rob0 wrote:

> On Wed, Mar 02, 2011 at 01:51:25PM -0700, Asai wrote:
>> Every so often in the maillogs I see something like this:
>> Mar  2 20:43:12 triata postfix/smtpd[14482]: disconnect from
>> unknown[127.0.0.1]
>>
>> This was taken from about 10 minutes ago.  The odd thing here is
>> the time stamp.  It's saying 8 PM, and it's 1 PM US MST.  All of
> Looks like UTC.
>
>> the other time entries are showing up normally, except for this
>> kind of entry.
>>
>> Does anyone have any insight here?
> Postfix does not write these log files, your syslogd(8) does. I'll
> offer a WAG here that you're using a prepackaged Postfix, and didn't
> see the packager's README. I'll further guess that the packager
> unwisely changed the default of non-chrooted Postfix.
>
>      http://www.postfix.org/DEBUG_README.html#no_chroot
It is looking like Amavis is set to be chrooted here...
smtp-amavis unix -      -       y     -       2  smtp
     -o smtp_data_done_timeout=1200
     -o smtp_send_xforward_command=yes
     -o disable_dns_lookups=yes
     -o max_use=20

127.0.0.1:10025 inet n  -       y     -       -  smtpd

--
--asai

Reply | Threaded
Open this post in threaded view
|

Re: Odd Time Stamp Showing Up In Logs

asai
In reply to this post by Victor Duchovni
On 3/2/2011 3:43 PM, Victor Duchovni wrote:
> On Wed, Mar 02, 2011 at 03:37:44PM -0700, Asai wrote:
>
>> smtp            inet  n       -       n       -       -       smtpd
>> 587             inet  n       -       n       -       -       smtpd
>> 127.0.0.1:10025 inet  n       -       y       -       -       smtpd
> The first two are fine, the third is chrooted, which is unlikely what
> you want, especially since this is the least vulnerable instance as it
> listens on the loopback address.
>
Makes sense.  Thanks, guys.

--
--asai