Jim Garrison:
> On 6/6/2022 3:13 AM, Jaroslaw Rafa wrote:
> > On 5.06.2022 at 23:29:05, julio covolato wrote:
> >>
> >> I would like to know why these messages appear in the mail.log,
> >> I know that "UGFzc3dvcmQ6" is base64 encoded for "Password:".
> >> Is this some misconfigured internet mail server system (Windows)?
> >
> > Rather not a misconfigured server, but some stupid bot trying to guess
> > passwords. It is a commonly observed thing.
> >
> >> Blocking these IPs with fail2ban is a good idea?
> >
> > Probably yes.
>
> I recently saw this when I rebuilt a Postfix server and forgot to
> update a client's password when it changed on the server.
>
> It seems the error message always contains the base64 encoding of
> "Password:" regardless of the actual userid/password.
>
> Anybody know why the error message displays this (base64 encoded)?

Instead of logging the last user's input, which could be a password, Postfix logs the last output from the SASL implementation. Postfix does not understand SASL protocols, it just proxies messages between the SMTP client and the Cyrus library or Dovecot.

After successful login, Postfix gets the username from the Cyrus library or from Dovecot. I would not expect that such information is available before a successful login, but someone could prove me wrong.

Wietse
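
Added example, not part of the thread and not Postfix code: a small parser that decodes the trailing SASL output on "authentication failed" lines and counts failures per client address, which is the figure a fail2ban-style threshold acts on. The log lines are constructed samples in the usual smtpd warning layout, and the function names are hypothetical.

```python
import base64
import re
from collections import Counter

# Constructed sample lines (documentation-range addresses, not real hosts).
SAMPLE_LOG = """\
Jun  5 23:29:05 mx postfix/smtpd[2101]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  5 23:29:09 mx postfix/smtpd[2101]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  5 23:31:40 mx postfix/smtpd[2107]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  5 23:32:02 mx postfix/smtpd[2110]: warning: unknown[192.0.2.10]: SASL PLAIN authentication failed: authentication failure
Jun  5 23:33:15 mx postfix/smtpd[2112]: connect from unknown[203.0.113.5]
"""

FAILED = re.compile(
    r"warning: \S+\[(?P<ip>[^\]]+)\]: "
    r"SASL (?P<mech>\S+) authentication failed:\s*(?P<reply>.*)$"
)

def decode_reply(reply):
    """Decode the last SASL server output; None if it is not base64 ASCII."""
    reply = reply.strip()
    if not reply:
        return None
    try:
        return base64.b64decode(reply, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None

def parse_failures(log_text):
    """Return (ip, mechanism, decoded_server_output) for each failed login."""
    events = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            events.append((m["ip"], m["mech"], decode_reply(m["reply"])))
    return events

def failures_per_ip(events):
    """Count failed SASL logins per client address."""
    return Counter(ip for ip, _mech, _out in events)

if __name__ == "__main__":
    events = parse_failures(SAMPLE_LOG)
    for ip, mech, out in events:
        print(f"{ip:15} {mech:6} server output: {out!r}")
    print(failures_per_ip(events).most_common())
```

The decoded value is the server's prompt, never the client's username or password, so the count per address is the only attacker-specific signal these lines carry.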