li...@lazygranch.com:
> Apr 17 07:27:11 mydomain postfix/smtpd[21897]: disconnect from
> mone183.secundiarourous.com[141.98.10.183] ehlo=1 auth=0/1 quit=1 commands=2/3
Wietse:
> They send quit after sending EHLO and AUTH (which failed). I use
> the regexp "auth=./" to identify password-guessing bots.
Francesc Pe?alvez:
> Is it possible to identify which password smtp is trying to use? if so I
> would like to know how
Postfix does not know how SASL protocols work. It passes the
client's input to a SASL backend (Cyrus SASL library or Dovecot
auth server). Maybe they can log what is going on.
Wietse
