Fedora Core 2 Crash..strange message in log

[miracle]

My Fedora Core 2 based mailserver running postfix/spam assassin crashed last night (it powered all the way down) and I'm having a hard time figuring out why. There is nothing strange in the logs with the exception of the maillog. I can't make any sense of it because it looks like the last IP to connect actually disconnected, and then the random character dump happened. I changed a few things to hide my domain and username...for example, where you see OURDOMAIN?USERNAME that would be my ACTUAL domain name and user name. I hope someone can help. The last entry before the crash reads like this:

Oct 6 14:32:21 localhost postfix/smtpd[8715]: connect from prt84.portpanel.com[63.116.198.84]
Oct 6 14:32:29 localhost postfix/smtpd[8715]: 77E36C23E: client=prt84.portpanel.com[63.116.198.84]
Oct 6 14:32:56 localhost postfix/cleanup[8669]: 77E36C23E: message-id=<q4PC1,583$4PCb4iD4z-4Ku6z@prt84.portpanel.com>
Oct 6 14:32:56 localhost postfix/nqmgr[18038]: 77E36C23E: from=<1-2490144-OURDOMAIN?USERNAME@stderr.portpanel.com>, size=2779,
nrcpt=1 (queue active)
Oct 6 14:32:56 localhost amavis[8684]: (08684-04) ESMTP::10024 /var/amavis/tmp/amavis-20051006T142431-08684: <1-2490144-OURDOMAIN?USERNAM@stderr.portpanel.com> -> <USERNAME@DOMAINNAME> Received: SIZE=2779 from OURMAILSERVER.OURDOMAIN.COM ([127.0.0.1]) by localh
ost (MAILSERVERHOSTNAME [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 08684-04 for <USERNAME@DOMAINNAME>; Thu, 6 Oct 2005 14:32:
56 -0700 (PDT)
Oct 6 14:32:56 localhost amavis[8684]: (08684-04) Checking: <1-2490144-OURDOMAIN?USERNAME@stderr.portpanel.com> -> <USERNAME@DOMAINAME>
Oct 6 14:33:01 localhost postfix/smtpd[8843]: connect from mail.OURISP.net[XX.XX.XX.XXX]
Oct 6 14:33:02 localhost postfix/smtpd[8843]: 88A15C258: client=mail.OURISP.net[XX.XX.XX.XX]
Oct 6 14:33:02 localhost postfix/smtpd[8715]: disconnect from prt84.portpanel.com[63.116.198.84]


T0T9kKLNCu2pDRZX80pU+50g43ihfe/Q2y1u9qpg00uKJboyNLCh42oFsTk8Gh13+rKpk4NKFQqU8UqZfBQu1Z4v1vqpcvynCi/ICOeEFaYXM4++HB0XvMcWVQl
rQxNLDLU1GcZOb9AdPfAWGj/CTQZgLa44aSEclvylms8nnb4ZOnCIm8Pwg5Z+aPd89zwQX7m/PVuxUmkRNLW3h77Y9YuomTbw9L5Y0Vt/Z2mroHyMO9WqgHaRlP
9WpZKXmLOscSx2kxfnfVaYl41dLf6XzsiZt9NL94K9GDlV8HE9sZewb4olJY2qK55KEMxymY9nIre5xUQDZW463qchZz6zF63bnFuMGzMuCEvnElIGNLcY7xDIL
XoOnSmaJEWQacj1hEF3fFCf5M1AkjXt9R+wv9BsPIvE8rrzjnoUf3VQwS82ViBm6aJ3kcNLY/namgKLPHOPWCatDrLIEJ6fVf1cQ8hVNk6jSLW8QHaLCJa/Tv5f
Kpd1oZolJgOcwqdKFgtzGZnCNL9GPD/fSEx5aG4Q9vTwmVvF9k7+mk4UqN/brcT5FcW3My5KdvWBmmjmXCfacYw/6iJJV2RRxQTc0gNLEfeI5VMbBtRBzDp0pEl
FJRF7SY+5jF7VcIQtSC+HFbYCOCi3feWMFaosVvbPgVpOJmEm6xKQq9cnNL29GanfluJqrHqDye6uUgKNNERNFxMo5aGJNkaT1LhunhEtkYbRU2nvbaGPD2O8tT
rkB/ZFtk/mv1NLm0pnnPr35SxGxSrLmTuhzQKuZdy8pNYkmcI6Na9HI0x8nKRmc+L0MrZP7n9fmHdIyDX29xPoQPgONLSQ/a1ODsSJBj7+zVf8bWNvSGXyeijJy
97zqoQhu8HdQBQvEYHP06JTlajhO3gSweTqQhVfQSfxj9NLTN1CxtuLzwrb00t+dVOuObS094m1404Y4z9nsU/MIEUcyMdsAd+8dtl8iy1OerqEKEldNf21VCky
NLLpiVfXCiet3vPrEbXMhrYyWoWQ/OUO+KBeup0eIyeSKG49Z43ZoMe+oDK2MNqI1c9W3aBBNhPNszNLtDLcJ7OOCYV3c6SrLTrQuc7WDPW3NbE1HIsB9lTC2zc
ZXR1pe653At6FHFxeqhM8wp08LCzH8tVUNLyQsV1hWLV5zNdJwlwCFSEhZtJZ1EObcdw/QcFQ5dH47b9dk8qPjNilM+W2dqNc9mlzZV0YiHbVi/NLJo5LvlQMCe
Ogkz3ktwod80212Gikcclns3blWLaszgkhrVlSnohDFozokIbozce36yMFHPZhR+aDNLz3WZWVjECMG3PxcTl2J53T79WfL8hZMDKzLKYJROs9trU8kci03aLNQ
n37V7/8WQh2VtcIZRylz+NL4Y/sPT/LcpyUGIBnp73d+F3Gqgm8aJUtlQYyy5xM8gBMWjve/QNVID0msVGKotP7UfhBOx02JgEdNLG+HQzHV4Y7+yY75D3cUicv
HpxSe8fb1BJfDOr4wdtjeGSs7Lw5AMs82SvA1mOx3RsqOirWNS0wJ8NL5SsFkaHWgo72FdownvFMjzNm59gSga66pszdWCZj6b+cqkniV788jxp5ngHyAyCjo6o
7ZBfUlX/VNL0+LSV+qcxUu+wfvTqMfV4wN/TbRBhHDfTrG0gVx4TraAp95rrLuoUSSYaX7ezAnkogifh9Ncp0sLNLrQ5z1wtz88w6giO7Wg3fB2hYDuESDXgXSH
ycNjf5NM4UJUZsIlLc3yDYEP1Sgckt8TdKRaNzkIpvNL1l85vOGBd0h3rLYbwZ/JVJPgDqPhpcKByrla9DC66f35MNpkNCi6PwfzNxc6W5fbukuOqj/4navJNLh
B0z/gCT/M0tojZTXqjmXqMZ6fujTIc/UhF7IcEsByoma2GoSRyv17MkIuN0wDV9LtJUZZiU3tSeNLVdyVfO2l6vzcCbarvBMBypEqzhbf5K6Q3CDQnF5ltEQoPe
8TJeaCvZUv7Mf++kmKVCL92iq+QvCYNLpWHvi0GBZBHP4XdzE3X/bfCO+nwSIZeyW9WzWK0RwfILRvcITkgiSdyluYR6U/MNpQXFtp3vk6DNNLwhFl80LaztJhR
UQcBXtQ9iOWaee7TYodCVmCp3XCtY0cO9+VlfSsAC90jLK92YMD8b+VaXp5O6E4NLh9OiGL2Bt/qaBISkMVe/fR6s0UtEnady40Jq61OEseMHBrnMGaXls6W7MB
EOjj+Fbs4SqqpenMlrNLWZeh0czN8erPjhqmHKSL1tdx/R6xlFSXi326HW/G7fmlx+sFU5jZrgMJPMp6saK81W8DB3DZw9TJNLHdRhuAEqn1M38ehk7XGFtXasH
VexqcdArJiAYOfnkNRoiLjieJ9emjVjGlBHI+3jyuvm/LWc8chtNL08pQAfLJptaIkef5xcgJoq1+gyvfL+A7quxkaXMLE+n3P4cOAA2RiVaE6ryDQBPU0nhLeh
BnJeV6NL+N8gJWrSb7n8lwJCQ1W0asaRn7iB7a3tGWdq/hWzlRxz3pWceo6aUZwJP4rZJzPr9R31/gt9d+dNNLKlb7F0PuZVRpbiVsjheHVT9mXdUscXI8dnbjA
HmDykCGD7IFeFifWpr7cA+N4NAAgzvplIH3qsVZNL1VlPzcqNDV6B79LJwd85bKJd48w1robq84+P4G6utkbHibPCIM7OXYlwAGmdw9sha8e1zdT4HxyiNLyTGX

[SirDice]

Originally posted here by miracle
My Fedora Core 2 based mailserver running postfix/spam assassin crashed last night (it powered all the way down)

Are you sure something crashed? I actually never encountered a crashing program that would power down a machine. Are you sure you didn't have power problems?

[miracle]

Ermmmmm

I've never encountered a "crash" that caused a system to power down either, which is why I was confused. The first thing I did was check on the other servers plugged into the same UPS...they were all fine. I moved on, started doing the admin panic dance thinking that it was some sort of strange DoS that cause my system to power down (smart, huh?). Coming to my senses, I went and tested each port in the PSU and it turns out the that the spamassassin server was plugged into was bad.....a new PSU is on the way.

Good call, SirDice.

[kr5kernel]

You may want to investigate your ram situation as well. Although when ram fails you normally will get some kind of warning. Thats the only time I have seen a server reboot or turn off by itself (without pulling the plug).

[Katja]

Apparantly some buffer overflow. The system is writing more data to the log than the length of the string. Or it's writing data from the wrong location. The random data is therefore a partial dump of your memory. Still leaves the question if this is just a bug or if perhaps someone actually made it crash somehow through some buffer overflow vulnerability.

Upgrade what can be upgraded, check your RAM and your harddisks for possible errors. But that has been suggested already. And keep an eye on that server for a while, in case it happens again.

[Relyt]

Apparantly some buffer overflow

Apparantly not Minus the reboot and it could have been

Originally posted here by miracle
Ermmmmm

... I went and tested each port in the PSU and it turns out the that the spamassassin server was plugged into was bad.....a new PSU is on the way.

Good call, SirDice.

cheers

[miracle]

Has anyone seen a buffer-overflow style DoS with these characteristics (complete shutdown)? Likewise, has anyone seen a memory dump like this from a power outage?

[SirDice]

Your server suddenly switched off and your logfile is constantly being written to. It might just be a filesystem corruption caused by the sudden power down.