Weird messages on my FreeBSD box...? [Archive]

tarballed

May 19th, 2005, 19:43

Just was checking out my FreeBSD box that acts as a mailgateway for our company. I "think" it could be a bug in the software (Mailscanner), and im checking in on it right now.

What i saw/see in my /var/log/messages that caught my eye:

May 19 16:29:24 mail jwilliams: Process did not exit cleanly, returned 255 with signal 0

This is repeated a lot in my /var/log/messages.

Then this one, which is vague, but made my heart sputter:

May 19 16:32:33 mail sshd[76558]: error: PAM: Authentication failure

So, me being paranoid, I ran out and did a check with chkrootkit as well as rkhunter (rootkithunter).

Everything came back clean.

But, would still like to know what those messages are so I can breathe easier.

I appreciate the help.

Tarballed

tarballed

May 19th, 2005, 20:16

I should mention, on the SSHD PAM, I am not sure if that was me or not, but im thinking know.

Also, for more info, this box is connected to the internet only on port 25. That's it. Only incoming mail and outgoing mail.

I can however, access other ports from our private LAN. Just trying to give more info.

tarballed

May 20th, 2005, 11:28

Ok..quick update.
Everything appears to be ok, except I am still seeing a lot of the following messages in /var/log/messages. I have been unable to figure out what it is and was hoping someone here might have an idea. Here it is:

May 20 08:23:44 mail jwilliams: Process did not exit cleanly, returned 255 with signal 0

Bunch of those show up.

ANy ideas?

tarballed

May 20th, 2005, 12:54

Nevermind. figured it out.

Kernel_Killer

May 20th, 2005, 14:23

Can you please follow up on what it was so that others with this question can get an answer?

tarballed

May 20th, 2005, 16:32

Can you please follow up on what it was so that others with this question can get an answer?

sure...the problem was with a application i am running on this particular server.

I'm running a program called mailscanner (removes viruses, spam etc.) On top of that, im running a program called Mailwatch (http://mailwatch.sourceforge.net).

The problem was that I recently upgraded mailscanner to the latest and greatest in the ports tree. There were some recent changes in mailscanner that required a few .pm files in mailwatch to be upgraded as well. However, this seems to be a new bug and I have already fired a email off to the author with the pertinent data.

That's it. Sorry i didn't follow up. Since it involved additional software, didn't know if anyone would need to know.