Unknown Imap Logouts in Logwatch

Morley

Well-Known Member
Apr 24, 2007
66
0
156
Hi,

I'm a novice at reading the logwatch results but I was alarmed at seeing a few LOGOUT IPs that were not like the rest. Usually everything is either me or another couple of users. Here's a sample:

Known user:
LOGOUT, [email protected], ip=[::ffff:67.188.132.183], headers=5306, body=171623, rcvd=20284, sent=231499, time=68502: 1 Time(s)
LOGOUT, [email protected], ip=[::ffff:67.188.132.183], headers=5830, body=216964, rcvd=17809, sent=300830, time=68501: 1 Time(s)

Unknown IP
LOGOUT, ip=[::ffff:69.64.32.77], rcvd=11, sent=307: 48 Time(s)
LOGOUT, ip=[::ffff:81.19.151.110], rcvd=11, sent=307: 48 Time(s)
LOGOUT, ip=[::ffff:85.25.129.25], rcvd=11, sent=307: 43 Time(s)

These IPs all resolve to web pages.

Should I be concerned about these?

Thanks
 

nyjimbo

Well-Known Member
Jan 25, 2003
1,135
1
168
New York
Could be third party webmail logins. I started seeing this from verizon webmail intefaces recently but with known-good accounts.

If all they are doing is reading email and nothing else weird is going on I cant imagine what else they could be doing. 81.19.151.110 is a uptime monitor, so someone could be watching your performance, my customers do it with all kinds of tools.

One is from germany, do you have customers there?.
 
Last edited:

Morley

Well-Known Member
Apr 24, 2007
66
0
156
No customers from germany but I do use an uptime monitor. Would this show up in the logs even if someone just contacts the IMAP?

Thanks