Hi, our mail server started to show up a warning about the SASL auth, and I'm starting to get some issue with pop3 and smtp. I'm not able to download the messages on my mail client, and there is some messages that weren't send by our system.
I did some research, but couldn't find any useful information related. Could it be a DDoS/Bruteforce attack? There are different IP locations.. most of Brazil, Portugal, US.. Postfix version: postfix-2.7.0,1 Postfix version (fallback): postfix-2.8.1,1 I'm using FreeBSD as server. The /var/log/maillog shows: Mar 24 10:17:10 mailserver postfix/smtpd[9301]: warning: SASL authentication failure: All-whitespace username. Mar 24 10:17:10 mailserver postfix/smtpd[9301]: warning: unknown[XXX.XXX.XXX.XXX]: SASL LOGIN authentication failed: generic failure Mar 24 10:17:11 mailserver postfix/smtpd[9301]: warning: SASL authentication failure: All-whitespace username. Mar 24 10:17:11 mailserver postfix/smtpd[9301]: warning: unknown[XXX.XXX.XXX.XXX]: SASL LOGIN authentication failed: generic failure -- Mar 24 10:17:12 mailserver postfix/smtpd[10175]: warning: SASL authentication failure: All-whitespace username. Mar 24 10:17:12 mailserver postfix/smtpd[10175]: warning: XXX.XXX.XXX.XXX.dsl.telesp.net.br[XXX.XXX.XXX.XXX]: SASL LOGIN authentication failed: generic failure Mar 24 10:17:13 mailserver postfix/smtpd[10175]: warning: SASL authentication failure: All-whitespace username. Mar 24 10:17:13 mailserver postfix/smtpd[10175]: warning: XXX.XXX.XXX.XXX.dsl.telesp.net.br[XXX.XXX.XXX.XXX]: SASL LOGIN authentication failed: generic failure -- Mar 24 10:17:14 mailserver postfix/smtpd[9939]: warning: SASL authentication failure: All-whitespace username. Mar 24 10:17:14 mailserver postfix/smtpd[9939]: warning: XXX.XXX.XXX.XXX.static.ctbctelecom.com.br[XXX.XXX.XXX.XXX]: SASL LOGIN authentication failed: generic failure -- Mar 24 10:17:15 mailserver postfix/smtpd[9939]: warning: SASL authentication failure: All-whitespace username. Mar 24 10:17:15 mailserver postfix/smtpd[9939]: warning: XXX.XXX.XXX.XXX.static.ctbctelecom.com.br[XXX.XXX.XXX.XXX]: SASL LOGIN authentication failed: generic failure -- Mar 24 10:17:15 mailserver postfix/smtpd[10394]: warning: SASL authentication failure: All-whitespace username. Mar 24 10:17:15 mailserver postfix/smtpd[10394]: warning: XXX.XXX.XXX.XXX.dsl.telesp.net.br[XXX.XXX.XXX.XXX]: SASL LOGIN authentication failed: generic failure -- Mar 24 10:17:15 mailserver postfix/smtpd[9129]: warning: SASL authentication failure: All-whitespace username. Mar 24 10:17:15 mailserver postfix/smtpd[9129]: warning: XXX.XXX.XXX.XXX.cslce701.dsl.brasiltelecom.net.br[XXX.XXX.XXX.XXX]: SASL LOGIN authentication failed: generic failure Mar 24 10:17:16 mailserver postfix/smtpd[10394]: warning: SASL authentication failure: All-whitespace username. Mar 24 10:17:16 mailserver postfix/smtpd[10394]: warning: XXX.XXX.XXX.XXX.dsl.telesp.net.br[XXX.XXX.XXX.XXX]: SASL LOGIN authentication failed: generic failure -- Mar 24 10:17:16 mailserver postfix/smtpd[9129]: warning: SASL authentication failure: All-whitespace username. Mar 24 10:17:16 mailserver postfix/smtpd[9129]: warning: XXX.XXX.XXX.XXX.cslce701.dsl.brasiltelecom.net.br[XXX.XXX.XXX.XXX]: SASL LOGIN authentication failed: generic failure Mar 24 10:17:16 mailserver postfix/smtpd[10072]: warning: SASL authentication failure: All-whitespace username. Mar 24 10:17:16 mailserver postfix/smtpd[10072]: warning: XXX.XXX.XXX.XXX.dsl.telesp.net.br[XXX.XXX.XXX.XXX]: SASL LOGIN authentication failed: generic failure Anything that I can do to fix this? Thanks in advance. ps: I know the postfix version is outdated, but I'm waiting until weekend to upgrade it.
