On Mon, 17 Oct 2011, Simon Brereton wrote:
Hi

This is a new one on me - I've never seen spammers attempt to use SASL Auth
to inject spam. Has anyone else seen this?

Oct 17 15:07:16 mail postfix/smtpd[14422]: connect from unknown[208.86.147.92]
Oct 17 15:07:16 mail dovecot: auth(default): passdb(newslet...@mydomain.net,208.86.147.92): Attempted login with password having illegal chars
Oct 17 15:07:17 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<t...@mydomain.net>, method=PLAIN, rip=208.86.147.92, lip=83.170.64.84
Oct 17 15:07:18 mail postfix/smtpd[14403]: warning: 208.86.147.92: hostname default-208-86-147-92.nsihosting.net verification failed: Name or service not known

Not new here. I'm using Dovecot auth in Postfix:

Oct 25 04:03:31 mailhost postfix/smtpd[4032]: connect from unknown[190.234.148.223]:4139
Oct 25 04:03:36 mailhost dovecot: auth: sql(n...@example.com,190.234.148.223): Password mismatch (SHA1 of given password: ****)
Oct 25 04:03:46 mailhost postfix/smtpd[4032]: disconnect from unknown[190.234.148.223]:4139

I'm using sshguard on FreeBSD to block these.
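
Added example, not part of either poster's message: a small Python pass over Dovecot auth-process lines in the two formats quoted above, counting failed logins per remote IP so repeat offenders can be handed to whatever blocker is in use. The sample log, the threshold and the function names are assumptions made for this illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the two log styles quoted in the thread; the addresses
# are documentation ranges and the user names are made up.
SAMPLE_LOG = """\
Oct 25 04:03:31 mailhost postfix/smtpd[4032]: connect from unknown[192.0.2.10]:4139
Oct 25 04:03:36 mailhost dovecot: auth: sql(alice@example.com,192.0.2.10): Password mismatch
Oct 25 04:03:40 mailhost dovecot: auth: sql(bob@example.com,192.0.2.10): Password mismatch
Oct 25 04:03:44 mailhost dovecot: auth(default): passdb(carol@example.com,192.0.2.10): Attempted login with password having illegal chars
Oct 25 04:03:46 mailhost postfix/smtpd[4032]: disconnect from unknown[192.0.2.10]:4139
Oct 25 04:05:02 mailhost dovecot: auth: sql(dave@example.com,198.51.100.7): Password mismatch
Oct 25 04:06:11 mailhost dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<erin@example.com>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.1
"""

# dovecot auth process line: "<driver>(<user>,<remote ip>): <reason>"
AUTH_LINE = re.compile(
    r"dovecot: auth(?:\([^)]*\))?: (\w+)\(([^,()]*),([0-9A-Fa-f.:]+)\): (.+)$"
)
# The two failure reasons that appear in the thread's logs.
FAILURE_REASONS = ("Password mismatch", "Attempted login with password having illegal chars")


def failed_logins_by_ip(log_text):
    """Map remote IP -> {"count": failures, "users": user names tried}."""
    hits = defaultdict(lambda: {"count": 0, "users": set()})
    for line in log_text.splitlines():
        m = AUTH_LINE.search(line)
        if not m or not m.group(4).startswith(FAILURE_REASONS):
            continue  # postfix lines and the pop3-login summary are skipped
        _driver, user, ip, _reason = m.groups()
        try:
            ip = str(ipaddress.ip_address(ip))  # reject anything that is not an IP
        except ValueError:
            continue
        hits[ip]["count"] += 1
        hits[ip]["users"].add(user)
    return dict(hits)


def offenders(log_text, threshold=3):
    """Sorted remote IPs with at least `threshold` failed logins."""
    stats = failed_logins_by_ip(log_text)
    return sorted(ip for ip, s in stats.items() if s["count"] >= threshold)


if __name__ == "__main__":
    for ip in offenders(SAMPLE_LOG):
        print(ip, failed_logins_by_ip(SAMPLE_LOG)[ip])
```

Only the auth-process lines are counted; the pop3-login "Disconnected (auth failed ...)" summary is skipped so that one attempt is not counted twice.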