There are a large number of authentication failures on my system. Is
there a debugging switch or configuration setting where I can set it to
show the userID that is failing? It shows the UserID that successfully
logs in.
I would like to know if my users are having problems, or if it's (what
is most likely the case) of someone randomly trying userID with attempts
to break in.
Thanks in advance for any comments on the matter.
The logs are:
Nov 20 03:33:05 ubuntuserver postfix/smtpd[25546]: disconnect from
unknown[36.35.100.145]
Nov 20 03:33:05 ubuntuserver postfix/smtpd[25549]: Anonymous TLS
connection established from unknown[37.230.228.210]: TLSv1 with cipher
ECDHE-RSA-AES256-SHA (256/256 bits)
Nov 20 03:33:06 ubuntuserver postfix/smtpd[25549]: warning: SASL
authentication failure: Password verification failed
Nov 20 03:33:06 ubuntuserver postfix/smtpd[25549]: warning:
unknown[37.230.228.210]: SASL PLAIN authentication failed:
authentication failure
Nov 20 03:33:14 ubuntuserver postfix/smtpd[25549]: lost connection after
AUTH from unknown[37.230.228.210]
Nov 20 03:33:14 ubuntuserver postfix/smtpd[25549]: disconnect from
unknown[37.230.228.210]
Nov 20 03:33:14 ubuntuserver postfix/smtpd[25514]: lost connection after
AUTH from unknown[37.230.228.210]
Nov 20 03:33:14 ubuntuserver postfix/smtpd[25514]: disconnect from
unknown[37.230.228.210]
Nov 20 03:36:34 ubuntuserver postfix/anvil[25530]: statistics: max
connection rate 2/60s for (smtp:37.230.228.210) at Nov 20 03:33:04
Nov 20 03:36:34 ubuntuserver postfix/anvil[25530]: statistics: max
connection count 2 for (smtp:37.230.228.210) at Nov 20 03:33:04
Nov 20 03:36:34 ubuntuserver postfix/anvil[25530]: statistics: max cache
size 2 at Nov 20 03:33:03
Nov 20 03:39:40 ubuntuserver postfix/smtpd[27171]: connect from
unknown[95.72.48.232]
Nov 20 03:39:40 ubuntuserver postfix/smtpd[27171]: Anonymous TLS
connection established from unknown[95.72.48.232]: TLSv1 with cipher
AES128-SHA (128/128 bits)
Nov 20 03:39:41 ubuntuserver postfix/smtpd[27171]: warning: SASL
authentication failure: Password verification failed
Nov 20 03:39:41 ubuntuserver postfix/smtpd[27171]: warning:
unknown[95.72.48.232]: SASL PLAIN authentication failed: authentication
failure
Nov 20 03:39:42 ubuntuserver postfix/smtpd[27174]: connect from
unknown[95.72.48.232]
Nov 20 03:39:43 ubuntuserver postfix/smtpd[27174]: Anonymous TLS
connection established from unknown[95.72.48.232]: TLSv1 with cipher
AES128-SHA (128/128 bits)
Nov 20 03:39:44 ubuntuserver postfix/smtpd[27174]: warning: SASL
authentication failure: Password verification failed
Nov 20 03:39:44 ubuntuserver postfix/smtpd[27174]: warning:
unknown[95.72.48.232]: SASL PLAIN authentication failed: authentication
failure
Nov 20 03:40:03 ubuntuserver postfix/smtpd[27171]: lost connection after
AUTH from unknown[95.72.48.232]
Nov 20 03:40:03 ubuntuserver postfix/smtpd[27171]: disconnect from
unknown[95.72.48.232]
Nov 20 03:40:03 ubuntuserver postfix/smtpd[27174]: lost connection after
AUTH from unknown[95.72.48.232]
Nov 20 03:40:03 ubuntuserver postfix/smtpd[27174]: disconnect from
unknown[95.72.48.232]
Nov 20 03:41:41 ubuntuserver postfix/smtpd[27171]: connect from
unknown[80.82.64.102]
Nov 20 03:41:41 ubuntuserver postfix/smtpd[27174]: connect from
unknown[80.82.64.102]
Nov 20 03:41:41 ubuntuserver postfix/smtpd[27171]: warning:
unknown[80.82.64.102]: SASL LOGIN authentication failed: authentication
failure
Nov 20 03:41:41 ubuntuserver postfix/smtpd[27171]: disconnect from
unknown[80.82.64.102]
Nov 20 03:41:42 ubuntuserver postfix/smtpd[27174]: warning:
unknown[80.82.64.102]: SASL LOGIN authentication failed: authentication
failure
Nov 20 03:41:42 ubuntuserver postfix/smtpd[27174]: disconnect from
unknown[80.82.64.102]
Nov 20 03:44:45 ubuntuserver postfix/smtpd[28481]: connect from
unknown[80.82.64.102]
Nov 20 03:44:46 ubuntuserver postfix/smtpd[28481]: warning:
unknown[80.82.64.102]: SASL LOGIN authentication failed: authentication
failure
Nov 20 03:44:46 ubuntuserver postfix/smtpd[28481]: disconnect from
unknown[80.82.64.102]
-- L. James
--
L. D. James
lja...@apollo3.com
www.apollo3.com/~ljames
