On 2024-08-09 17:06, Benny Pedersen via Postfix-users wrote:
Corey H via Postfix-users skrev den 2024-08-09 13:53:
Hello list,
I saw many logs like this in our server log,
Aug 9 19:48:27 mx postfix/submission/smtpd[3731732]: warning:
unknown[5.31.8.57]: SASL LOGIN authentication failed: UGFz
Maybe I can add something useful here:
On most systems there is not only one server running but many more.
I use a combination of blacklists plus an "overall protection". I am really a
friend of
CrowdSec | Curated Threat Intelligence Powered by the Crowd
which serves its purpose very well.
Ma
Corey H via Postfix-users skrev den 2024-08-09 13:53:
Hello list,
I saw many logs like this in our server log,
Aug 9 19:48:27 mx postfix/submission/smtpd[3731732]: warning:
unknown[5.31.8.57]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug 9 19:48:27 mx postfix/submission/smtpd[3731732]:
Corey H via Postfix-users:
> Hello list,
>
> I saw many logs like this in our server log,
>
> Aug 9 19:48:27 mx postfix/submission/smtpd[3731732]: warning:
> unknown[5.31.8.57]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> Aug 9 19:48:27 mx postfix/submission/smtpd[3731732]: too many error
> Dnia 18.05.2021 o godz. 19:46:30 Juerg Reimann pisze:
> >
> > I have a customer with a newsletter that has apparently a large number of
> > invalid email addresses. When he tries to send mail through my server,
> > postfix cuts the smtp session after a while with "too many errors after
> > RCPT".
> > Hi there
> >
> > I have a customer with a newsletter that has apparently a large
> > number of invalid email addresses. When he tries to send mail
> > through my server, postfix cuts the smtp session after a while
> > with "too many errors after RCPT".
>
> And I suppose that this SMTP does not
Dnia 18.05.2021 o godz. 19:46:30 Juerg Reimann pisze:
>
> I have a customer with a newsletter that has apparently a large number of
> invalid email addresses. When he tries to send mail through my server,
> postfix cuts the smtp session after a while with "too many errors after
> RCPT".
>
> How c
Juerg Reimann:
> Hi there
>
> I have a customer with a newsletter that has apparently a large
> number of invalid email addresses. When he tries to send mail
> through my server, postfix cuts the smtp session after a while
> with "too many errors after RCPT".
And I suppose that this SMTP does not
On 05-18-2021 1:46 pm, Juerg Reimann wrote:
How can I allow him to send his newsletter, even though many false, no
longer valid email addresses? Preferably I'd like to only allow
I always wondered why my mail server gets repeatedly spammed with
invalid email addresses from spamsters. I wondered
natan maciej milaszewski:
> Hi
> I added zabbix to test connections - all works fine but sometimes i
> found in logs "too many errors after EHLO"
>
> logs:
>
> Feb 10 20:49:21 thebe4 postfix/smtpd[6609]: connect from
> zabbix.domain.ltd[xxx.xxx.xxx.68]
> Feb 10 20:49:21 thebe4 postfix/smtpd[6609]
Alex:
> It sounds like it's safe to assume that properly configured and
> operating machines won't generate these RCPT and DATA errors?
I suppose that the word "error" speaks for itself.
Wietse
Hi,
On Tue, Dec 24, 2013 at 3:21 PM, Viktor Dukhovni
wrote:
> On Tue, Dec 24, 2013 at 03:11:11PM -0500, Wietse Venema wrote:
>
>> > Dec 24 11:33:10 mail02 postfix/smtpd[8603]: too many errors after DATA
>> > from unknown[23.92.90.231]
>
> NetRange: 23.92.90.224 - 23.92.90.239
> CIDR
On Tue, Dec 24, 2013 at 03:11:11PM -0500, Wietse Venema wrote:
> > Dec 24 11:33:10 mail02 postfix/smtpd[8603]: too many errors after DATA
> > from unknown[23.92.90.231]
NetRange: 23.92.90.224 - 23.92.90.239
CIDR: 23.92.90.224/28
OriginAS: AS19531
NetName:
Alex:
> I'm receiving messages similar to the following on three mail servers
> on two separate networks with postfix-2.9:
>
> Dec 24 11:33:10 mail02 postfix/smtpd[8603]: too many errors after DATA
> from unknown[23.92.90.231]
> Dec 24 11:48:06 mail01 postfix/smtpd[14470]: too many errors after
>
On 7/11/2012 7:47 μμ, Noel Jones wrote:
You can check your log for things like "authentication failed" for a
failed AUTH, or "sasl_username=" when successful.My fail2ban filter
contains:
warning: .*\[\](?::\d+)?: SASL \S+ authentication failed:
Thanks Noel,
I am using:
failregex = (?i):
On 11/7/2012 10:50 AM, Nikolaos Milas wrote:
> On 7/11/2012 6:10 μμ, /dev/rob0 wrote:
>
>> Is this a submission port (587) or smtp (25)? You should use "-o
>> syslog_name=postfix/submission" for submission in master.cf, to
>> distinguish logging of smtp vs. submission.
>
> Thanks for the reply.
>
On 7/11/2012 6:10 μμ, /dev/rob0 wrote:
Is this a submission port (587) or smtp (25)? You should use "-o
syslog_name=postfix/submission" for submission in master.cf, to
distinguish logging of smtp vs. submission.
Thanks for the reply.
I do; this is smtp, not submission.
ISTM that if submissi
On Wed, Nov 07, 2012 at 03:46:38PM +0200, Nikolaos Milas wrote:
> During the night, for many hours, we logged several thousand of such
> entries(always the same server):
>
> Nov 7 04:04:52 vmail postfix/smtpd[3100]: connect from
> mail.videco.com.ar[190.220.14.235]
> Nov 7 04:04:55 vmail postfix
On 7/11/2012 3:46 μμ, Nikolaos Milas wrote:
Since this server does not accept unauthenticated smtp connections
except only from our gateway server and requires AUTH for all others
Server config:
[root@vmail etc]# postconf -n
alias_database = hash:/etc/postfix/aliases,
hash:/etc/postfix/alias
On 7/11/2012 3:46 μμ, Nikolaos Milas wrote:
connectionsexcept only from our gateway serverand requires AUTHfor all
others,do the above log entries depictfailed login
As a side note: sorry for the word jamming in the message; it is due to
a relatively recent Thunderbird bug (those interested m
20 matches
Mail list logo
