post...@ptld.com:
> Just to clarify, does this error mean they requested SASL login and postfix
> told them it wasn't enabled?
> I am under the belief SASL logins are disabled on port 25.
> (smtpd_sasl_auth_enable = no)
> Or does it mean postfix allowed them to provide login details and it failed
> because of bad user/pass?
> I just want to verify its not enabled, because they repeatedly did this like
> a dictionary brute force attempt.
>
>
> postfix/smtpd[1940626]: connect from unknown[5.34.207.103]
> postfix/smtpd[1940626]: warning: unknown[5.34.207.103]: SASL LOGIN
> authentication failed: UGFzc3dvcmQ6
SASL was enabled, because with SASL support disabled (or not compiled
in), Postfix would not know what to do with AUTH commands. Postfix
does not log details of unknown or unsupported commands as that
would allow an attacker to flood the log.
Wietse
