On 2012-04-09 02:15, Daniel L. Miller wrote:
> Apr 8 17:02:35 bubba assp/smtpd[7414]: warning: unknown[110.53.26.206]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
>
> This is much better. My remaining question is - is there a way I can
> get even that first connection line to reference the remote IP?

Unrelated, but I see this (l)user here as well:

30 SASL authentication failed ---------------------------------------------------------------------- [ saslauthfail ] -
30 LOGIN: UGFzc3dvcmQ6
30 118.249.98.145 unknown

My own defence on this is to:

http://www.postfix.org/postconf.5.html#smtp_discard_ehlo_keywords

whois 118.249.98.145
shorewall iprange firstip-lastip >/tmp/sasl

and add the sasl content to postfix, which will give AUTH,SILENT-DISCARD
from

postmap -q 118.249.98.145 cidr:/path/to/cidr/map

I have seen this user from http://www.dkim-reputation.org/ reverse
as well, so I closed my domains at their servers. Don't know if it's
hacked or not, but so is life.
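
The range-to-map step from the reply above, as an added example that is not part of the original message: it turns a whois first/last address pair into lines for a Postfix cidr: table (the job `shorewall iprange` does in the post) and mimics the `postmap -q` check. The range 198.51.100.16-198.51.100.79 is a constructed documentation range, the function names are hypothetical, and loading the file through `smtpd_discard_ehlo_keyword_address_maps` is an assumption about the poster's setup.

```python
import ipaddress

# Lookup result as quoted in the post: hide AUTH from the client, without logging.
ACTION = "AUTH,SILENT-DISCARD"


def range_to_cidr_lines(first, last, action=ACTION):
    """Turn a whois-style first/last pair into Postfix cidr: table lines."""
    lo = ipaddress.ip_address(first)
    hi = ipaddress.ip_address(last)
    if lo.version != hi.version:
        raise ValueError("range endpoints must be the same IP version")
    if lo > hi:
        lo, hi = hi, lo  # tolerate endpoints given in reverse order
    # summarize_address_range yields the minimal set of covering networks
    return [f"{net}\t{action}" for net in ipaddress.summarize_address_range(lo, hi)]


def lookup(lines, client_ip):
    """Mimic `postmap -q <ip> cidr:<file>`: the first matching network wins."""
    addr = ipaddress.ip_address(client_ip)
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are not table entries
        pattern, result = line.split(None, 1)
        if addr in ipaddress.ip_network(pattern):
            return result
    return None  # no entry: the client still sees AUTH in the EHLO reply


if __name__ == "__main__":
    # Constructed range (RFC 5737 documentation space), not the one from the post.
    table = range_to_cidr_lines("198.51.100.16", "198.51.100.79")
    print("\n".join(table))
    for ip in ("198.51.100.40", "198.51.100.80"):
        print(ip, "->", lookup(table, ip))
```

Write the printed lines to the map file and confirm with `postmap -q` as in the post before relying on it.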