This is a follow-up to comments I made here https://forum.bytemark.co.uk/t/lots-of-errors-on-new-cloud-server/2682/4
The culprit for the recent series of frequent crashes is still looking like d-push/activesync. I've not looked in depth or tried replicating as it's a production machine and I don't currently have access to suitable client-side kit. I could be wrong but, timing-wise, the frequent crashes stopped as soon as I blocked access to the d-push service.
The usual machine-killing suspects are innocent; I've been running the beta http logger for many months and clamav was fully disabled after the first sign of trouble.
It looks like the problem started when a client configured a Motorola mobile with Outlook for Android. They went through a give-me-your-credentials+server auto-configuration which defaulted to activesync - the user doesn't remember a choice of account type (IMAP/POP3). They used the default hostname rather than 'mail.my-brilliant-site'.
Apache logs started showing entries like:
220.127.116.11 is a central service for Outlook, or something. As a quick test, I firewalled the address & rebooted -- the machine has been fine ever since. The client has since reconfigured the phone to use a standard IMAP account - via the 'advanced' settings - and all is well.
Client-side functionality initially looked OK but the apache and d-push logs started filling with errors.
/var/log/d-push/d-push.log (& d-push-error.log)
The firewall 'solution' is far from ideal so it would be useful to know how to disable the d-push service properly.