Marek Kozlowski:
> On 02/25/2017 05:05 PM, Wietse Venema wrote:
> > Marek Kozlowski:
> >> It looks like the solution is quite simple: the strange bahaviour of my
> >> system occurs cause in those cases address rewriting occurs twice. There
> >
> > http://www.postfix.org/FILTER_README.html
> >
> >
On 02/22/2017 03:49 PM, Marek Kozlowski wrote:
> :-)
>
>>> I won't answer to follow-up unless they are concrete enough (includinbg
>>> Postfix build information) that they can be verified independently.
>>
>> I don't think that someone modified the sources cause that is ArchLinux
>> which almost a
> On Feb 25, 2017, at 1:42 PM, James wrote:
>
> Log parsing: exactly, but how do I log it?
You don't need per-event log entries for this. It suffices to identify
the "auth=0/n" log entries at the end of each SMTP connection.
--
Viktor.
which gathers information on botnets is good. This looks like a
possible case for log parsing and fail2ban. But I bet we usually
All good comments. Thank you.
Log parsing: exactly, but how do I log it? (Answer from elsewhere in this
topic is that I don't, in this case.)
fail2ban: instead,
Thank you for all the replies.
I was wondering if I was missing a postfix setting that would log this info and
the answer is that I'm not.
So, question answered.
I am highly confident that if I could see this logged then the vast majority of it would
indeed be "oh yeah, random/hopeless attemp
Wietse Venema:
> James:
> > I was hoping there might be some setting that would cause log entries like:
> >
> > postfix/smtpd[12345]: NOQUEUE: AUTH rejected from
> > client.example.com[0.1.2.3], sasl_method=PLAIN, sasl_username=spam_r_us
>
> Postfix does not implement SASL - the SASL SASL librar
James:
> I was hoping there might be some setting that would cause log entries like:
>
> postfix/smtpd[12345]: NOQUEUE: AUTH rejected from
> client.example.com[0.1.2.3], sasl_method=PLAIN, sasl_username=spam_r_us
Postfix does not implement SASL - the SASL SASL library does.
Therefore, details of
On Sat, Feb 25, 2017 at 08:23:44AM +, Dominic Raferd wrote:
> On 25/02/2017 05:28, Noel Jones wrote:
> >On 2/24/2017 5:55 PM, James wrote:
> >>I was hoping there might be some setting that would cause log
> >>entries like:
> >>
> >>postfix/smtpd[12345]: NOQUEUE: AUTH rejected from
> >>client.e
On 25/02/2017 05:28, Noel Jones wrote:
On 2/24/2017 5:55 PM, James wrote:
Current versions of postfix will log that AUTH was attempted, but do
not log what the client sends. You can grep the logs for 'auth=0'
to see unsuccessful auth attempts.
postfix/smtpd[58629]: disconnect from unknown[192.
