Inwebo access:

Aug 13 05:07:00 host1 inweboaccess 100.78.114.162 - - [13/Aug/2019:05:07:00 +0200] "GET / HTTP/1.1" 200 1823 "-" "Supervision" IP_FORWARDEE "155.239.77.216" IP_PROXY_FORWARDEE "155.239.77.216, 100.78.114.162"
Aug 13 05:07:10 host1 inweboaccess 100.78.114.165 - - [13/Aug/2019:05:07:01 +0200] "GET /login/ HTTP/1.1 Host:host.fr" 400 166 "-" "-" IP_FORWARDEE "-" IP_PROXY_FORWARDEE "100.78.114.165"
Aug 13 05:07:10 host1 inweboaccess 100.78.114.166 - - [13/Aug/2019:05:07:02 +0200] "GET /login/ HTTP/1.1 Host:host.fr" 400 166 "-" "-" IP_FORWARDEE "-" IP_PROXY_FORWARDEE "100.78.114.166"
Aug 13 05:07:10 host1 inweboaccess 100.78.114.167 - - [13/Aug/2019:05:07:04 +0200] "GET /login/ HTTP/1.1 Host:host.fr" 400 166 "-" "-" IP_FORWARDEE "-" IP_PROXY_FORWARDEE "100.78.114.167"

Inwebo error:

Aug 13 08:26:00 host1 inweboerror 2019/08/13 08:25:55 [error] 10570#10570: *737875 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 10.78.114.162, server: $servername, request: "POST /Microsoft-Server-ActiveSync?Cmd=Ping&User=username&DeviceId=S4C17QVFCCF5F426&DeviceType=SamsungDevice HTTP/1.1", upstream: "https://172.22.2.26:443/Microsoft-Server-ActiveSync?Cmd=Ping&User=username&DeviceId=S4C17QVFCCF5F426&DeviceType=SamsungDevice", host: "vipweb-host.fr"
Aug 13 08:29:00 host1 inweboerror 2019/08/13 08:28:59 [error] 10570#10570: *738078 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 10.78.114.162, server: $servername, request: "POST /Microsoft-Server-ActiveSync?Cmd=Ping&User=username&DeviceId=S4C17QVFCCF5F426&DeviceType=SamsungDevice HTTP/1.1", upstream: "https://172.22.2.26:443/Microsoft-Server-ActiveSync?Cmd=Ping&User=username&DeviceId=S4C17QVFCCF5F426&DeviceType=SamsungDevice", host: "vipweb-host.fr"

Mailbox:

Aug 13 08:37:13 stor1 mailbox 2019-08-13 08:37:13,517 INFO [qtp127618319-1985481] [name=user1@host.fr;mid=7824;oip=8.8.8.8, 10.0.4.79;port=59176;ua=ZimbraWebClient - FF68 (Win)/8.7.11_GA_3789;] store - Getting http://172.22.1.1:81/proxy/chord/E8767891A893E21077384186AF9E6A0BB9A82020, service_id=0x0b
Aug 13 08:37:13 stor1 mailbox 2019-08-13 08:37:13,567 INFO [qtp127618319-1985481] [name=user1@host.fr;mid=7824;oip=8.8.8.8, 10.0.4.79;port=59176;ua=ZimbraWebClient - FF68 (Win)/8.7.11_GA_3789;] soap - GetMsgRequest elapsed=59
Aug 13 08:37:13 stor1 mailbox 2019-08-13 08:37:13,618 INFO [qtp127618319-1985524] [name=user2@host.fr;mid=7567;oip=10.0.1.108;port=50250;ua=ZimbraWebClient - FF52 (Win)/8.7.11_GA_3789;] soap - NoOpRequest elapsed=0
Aug 13 08:37:13 stor1 mailbox 2019-08-13 08:37:13,671 INFO [qtp127618319-1985523] [name=user2@host.fr;mid=7567;oip=10.0.1.108;port=50260;ua=ZimbraWebClient - FF52 (Win)/8.7.11_GA_3789;] soap - SearchRequest elapsed=0
Aug 13 08:37:13 stor1 mailbox 2019-08-13 08:37:13,731 INFO [qtp127618319-1985204] [name=user3@host.fr;aname=user4@host.fr;mid=8276;ip=10.0.1.77;port=44763;ua=ZCS/8.7.11_GA_3789;via=10.0.3.19(ZimbraWebClient - FF52 (Win)/8.7.11_GA_3789);] soap - GetEffectiveFolderPermsRequest elapsed=1
Aug 13 08:37:13 stor1 mailbox 2019-08-13 08:37:13,732 INFO [qtp127618319-1985481] [name=user5@host.fr;mid=7530;oip=8.8.4.4;port=50262;ua=ZimbraWebClient - FF52 (Win)/8.7.11_GA_3789;] store - Putting http://172.22.1.2:81/proxy/chord/2DFC298BD279471E206A3989B1E8830B9B802520, service_id=0x0b, actual_size=4926
Aug 13 08:37:13 stor1 mailbox 2019-08-13 08:37:13,761 INFO [qtp127618319-1985524] [name=user3@host.fr;aname=user4@host.fr;mid=8276;ip=10.0.1.77;port=44763;ua=zclient/8.7.11_GA_3789;via=10.0.3.19(ZimbraWebClient - FF52 (Win)/8.7.11_GA_3789);] soap - SearchRequest elapsed=2
Aug 13 08:37:13 stor1 mailbox 2019-08-13 08:37:13,763 INFO [qtp127618319-1985481] [name=user5@host.fr;mid=7530;oip=8.8.4.4;port=50262;ua=ZimbraWebClient - FF52 (Win)/8.7.11_GA_3789;] store - Deleting http://172.22.1.3:81/proxy/chord/E88FA18BD279471E206A3989B1B8B50BBDD5B820, service_id=0x0b
Aug 13 08:37:13 stor1 mailbox 2019-08-13 08:37:13,772 INFO [qtp127618319-1985481] [name=user5@host.fr;mid=7530;oip=8.8.4.4;port=50262;ua=ZimbraWebClient - FF52 (Win)/8.7.11_GA_3789;] soap - SaveDraftRequest elapsed=48
Aug 13 08:37:13 stor1 mailbox 2019-08-13 08:37:13,786 INFO [qtp127618319-1985563] [name=user3@host.fr;aname=user4@host.fr;mid=8276;ip=10.0.1.77;port=44763;ua=ZCS/8.7.11_GA_3789;via=10.0.3.19(ZimbraWebClient - FF52 (Win)/8.7.11_GA_3789);] soap - GetEffectiveFolderPermsRequest elapsed=0

Zimbra:

Aug 13 05:06:58 smtp01 postfix/cleanup[8650]: 933674039842: message-id=<urn.uuid.6B39D6BAD62F5BE97A1565666113884DoNotReply@host.fr>
Aug 13 05:06:58 smtp01 postfix/qmgr[30670]: 933674039842: from=<DoNotReply@host.fr>, size=33692, nrcpt=1 (queue active)
Aug 13 05:06:58 smtp01 amavis[7817]: (07817-14) ESMTP :10024 /opt/zimbra/data/amavisd/tmp/amavis-20190813T045314-07817-Ybz_H3IX: <DoNotReply@host.fr> -> <collecte@uip.host.fr> SIZE=33692 Received: from smtp01.emercure.douane ([127.0.0.1]) by localhost (smtp01.emercure.douane [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <collecte@uip.host.fr>; Tue, 13 Aug 2019 05:06:58 +0200 (CEST)
Aug 13 05:06:58 smtp01 amavis[7817]: (07817-14) Checking: 0wmtWjKMmf0t [172.22.3.250] <DoNotReply@host.fr> -> <collecte@uip.host.fr>
Aug 13 05:06:58 smtp01 postfix/amavisd/smtpd[8662]: connect from localhost[127.0.0.1]
Aug 13 05:06:58 smtp01 postfix/amavisd/smtpd[8662]: B5C024039853: client=localhost[127.0.0.1]
Aug 13 05:06:58 smtp01 postfix/cleanup[10231]: B5C024039853: message-id=<urn.uuid.6B39D6BAD62F5BE97A1565666113884DoNotReply@host.fr>
Aug 13 05:06:58 smtp01 postfix/amavisd/smtpd[8662]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Aug 13 05:06:58 smtp01 postfix/qmgr[30670]: B5C024039853: from=<DoNotReply@host.fr>, size=34195, nrcpt=1 (queue active)
Aug 13 05:06:58 smtp01 amavis[7817]: (07817-14) 0wmtWjKMmf0t FWD from <DoNotReply@host.fr> -> <collecte@uip.host.fr>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B5C024039853
Aug 13 05:06:58 smtp01 amavis[7817]: (07817-14) Passed CLEAN {RelayedInbound}, [172.22.3.250]:65021 [185.24.184.20] <DoNotReply@host.fr> -> <collecte@uip.host.fr>, Queue-ID: 933674039842, Message-ID: <urn.uuid.6B39D6BAD62F5BE97A1565666113884DoNotReply@host.fr>, mail_id: 0wmtWjKMmf0t, Hits: -, size: 33691, queued_as: B5C024039853, 108 ms
Aug 13 05:06:58 smtp01 postfix/smtp[10235]: 933674039842: to=<collecte@uip.host.fr>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.16, delays=0.05/0/0/0.11, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B5C024039853)
Aug 13 05:06:58 smtp01 postfix/qmgr[30670]: 933674039842: removed
Aug 13 05:06:58 smtp01 postfix/lmtp[7813]: B5C024039853: to=<collecte@uip.host.fr>, relay=dxprozcsstorme08.emercure.douane[172.22.2.78]:7025, delay=0.12, delays=0.01/0/0.06/0.05, dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)
Aug 13 05:06:58 smtp01 postfix/qmgr[30670]: B5C024039853: removed
Aug 13 05:07:00 smtp01 zimbramon[30717]: 30717:info: zmstat proc.csv: timestamp, system, user, sys, idle, iowait, postfix, postfix-total-cpu, postfix-utime, postfix-stime, postfix-totalMB, postfix-rssMB, postfix-sharedMB, postfix-process-count, amavis, amavis-total-cpu, amavis-utime, amavis-stime, amavis-totalMB, amavis-rssMB, amavis-sharedMB, amavis-process-count, clam, clam-total-cpu, clam-utime, clam-stime, clam-totalMB, clam-rssMB, clam-sharedMB, clam-process-count, zmstat, zmstat-total-cpu, zmstat-utime, zmstat-stime, zmstat-totalMB, zmstat-rssMB, zmstat-sharedMB, zmstat-process-count:: 08/13/2019 05:07:00, system, 1.4, 0.4, 98.2, 0.0, postfix, 0.0, 0.0, 0.0, 48.7, 2.8, 2.1, 22, amavis, 0.1, 0.1, 0.0, 315.8, 41.3, 1.8, 11, clam, 0.1, 0.1, 0.0, 69.0, 2.6, 1.3, 2, zmstat, 0.1, 0.1, 0.0, 4.3, 0.8, 0.6, 12
Aug 13 05:07:03 smtp01 postfix/postscreen[30689]: CONNECT from [172.22.3.251]:40179 to [172.22.2.14]:25
Aug 13 05:07:03 smtp01 postfix/postscreen[30689]: WHITELISTED [172.22.3.251]:40179
Aug 13 05:07:03 smtp01 postfix/smtpd[7384]: connect from unknown[172.22.3.251]
Aug 13 05:07:03 smtp01 postfix/smtpd[7384]: disconnect from unknown[172.22.3.251] helo=1 quit=1 commands=2
Aug 13 05:07:03 smtp01 postfix/smtpd[8663]: disconnect from unknown[172.22.3.250] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Aug 13 05:07:03 smtp01 postfix/postscreen[30689]: CONNECT from [172.22.3.250]:65023 to [172.22.2.14]:25
Aug 13 05:07:03 smtp01 postfix/postscreen[30689]: PASS OLD [172.22.3.250]:65023
Aug 13 05:07:03 smtp01 postfix/smtpd[8642]: connect from unknown[172.22.3.250]
Aug 13 05:07:03 smtp01 postfix/smtpd[8642]: NOQUEUE: filter: RCPT from unknown[172.22.3.250]: <email@host.fr>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<email@host.fr> to=<user@host.fr> proto=ESMTP helo=<smtp.internal>

Audit:

Aug 13 08:45:54 stor01 audit.log 2019-08-13 08:45:52,425 INFO [ImapServer-9659] [ip=10.1.1.1;oip=10.1.1.2;via=10.1.1.1(nginx/1.7.1);ua=Zimbra/8.7.11_GA_1854;] security - cmd=Auth; account=email3@host.fr; protocol=imap;
Aug 13 08:45:54 stor01 audit.log 2019-08-13 08:45:53,243 INFO [qtp127618319-1986192] [name=admin@host.fr;ip=10.1.1.1;port=34110;] security - cmd=AdminAuth; account=admin@host.fr;
Aug 13 08:45:54 stor01 audit.log 2019-08-13 08:45:53,245 INFO [qtp127618319-1986192] [name=admin@host.fr;ip=10.1.1.1;port=34110;] security - cmd=Auth; account=admin@host.fr; protocol=soap;
Aug 13 08:46:04 stor01 audit.log 2019-08-13 08:45:55,196 INFO [qtp127618319-1986216] [oip=10.1.1.1;port=39912;ua=Mozilla/5.0 (Windows NT 6.1;; WOW64;; rv:60.0) Gecko/20100101 Thunderbird/60.2.1 Lightning/6.2.2.1;] security - cmd=Auth; account=email3@host.fr; protocol=http_dav;
Aug 13 08:46:04 stor01 audit.log 2019-08-13 08:45:55,208 INFO [qtp127618319-1986184] [oip=10.1.1.1;port=39914;ua=Mozilla/5.0 (Windows NT 6.1;; WOW64;; rv:60.0) Gecko/20100101 Thunderbird/60.2.1 Lightning/6.2.2.1;] security - cmd=Auth; account=email3@host.fr; protocol=http_dav;
Aug 13 08:46:04 stor01 audit.log 2019-08-13 08:45:56,459 INFO [qtp127618319-1986221] [oip=10.1.1.1;port=40006;ua=Mozilla/5.0 (Windows NT 6.1;; WOW64;; rv:60.0) Gecko/20100101 Thunderbird/60.2.1 Lightning/6.2.2.1;] security - cmd=Auth; account=email3@host.fr; protocol=http_dav;
Aug 13 08:46:04 stor01 audit.log 2019-08-13 08:45:59,925 INFO [qtp127618319-1986060] [ip=10.1.1.1, 10.1.1.2;] security - cmd=Auth; account=antonio.martin@douane.finances.gouv.fr; protocol=zsync;
Aug 13 08:46:04 stor01 audit.log 2019-08-13 08:45:59,956 INFO [qtp127618319-1986216] [ip=10.1.1.1, 10.1.1.2;] security - cmd=Auth; account=benoit.denis@douane.finances.gouv.fr; protocol=zsync;
Aug 13 08:46:04 stor01 audit.log 2019-08-13 08:46:02,341 INFO [qtp127618319-1986298] [name=email1@host.fr;oip=10.1.1.2;ua=zclient/8.7.11_GA_3789;] security - cmd=Auth; account=email1@host.fr; protocol=soap;
Aug 13 08:46:04 stor01 audit.log 2019-08-13 08:46:03,957 INFO [qtp127618319-1986298] [name=email2@host.fr;oip=10.1.1.2;ua=zclient/8.7.11_GA_3789;] security - cmd=Auth; account=email2@host.fr; protocol=soap;