: UGFzc3dvcmQ6
Aug 9 19:48:27 mx postfix/submission/smtpd[3731732]: too many errors
after AUTH from unknown[5.31.8.57]
Since system has warned that "too many errors after AUTH ", is there a
policy setup to stop this kind of IP? i know fail2ban, but that's a
standalone service, not
ning:
> unknown[5.31.8.57]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> Aug 9 19:48:27 mx postfix/submission/smtpd[3731732]: too many errors
> after AUTH from unknown[5.31.8.57]
>
> Since system has warned that "too many errors after AUTH ", is there a
> policy setup t
]: too many errors
after AUTH from unknown[5.31.8.57]
Since system has warned that "too many errors after AUTH ", is there a
policy setup to stop this kind of IP? i know fail2ban, but that's a
standalone service, not integrated into postfix itself.
https://www.spamrats.com/ bes
pd[3731732]: too many errors
> after AUTH from unknown[5.31.8.57]
>
> Since system has warned that "too many errors after AUTH ", is there a
> policy setup to stop this kind of IP? i know fail2ban, but that's a
> standalone service, not integrated into postfix itself.
Hello list,
I saw many logs like this in our server log,
Aug 9 19:48:27 mx postfix/submission/smtpd[3731732]: warning:
unknown[5.31.8.57]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug 9 19:48:27 mx postfix/submission/smtpd[3731732]: too many errors
after AUTH from unknown[5.31.8.57
On 7/11/2012 7:47 μμ, Noel Jones wrote:
You can check your log for things like "authentication failed" for a
failed AUTH, or "sasl_username=" when successful.My fail2ban filter
contains:
warning: .*\[\](?::\d+)?: SASL \S+ authentication failed:
Thanks Noel,
I am using:
failregex = (?i):
(That's my new
>> idea for the day. I might not be awake enough yet. :) )
>>
>
> I decided to expand my fail2ban filtering as follows:
>
> failregex = reject: RCPT from (.*)\[\]: 550
> reject: RCPT from (.*)\[\]: 554
> reject: RCPT from (.*)\[\]: 450
> too m
ows:
failregex = reject: RCPT from (.*)\[\]: 550
reject: RCPT from (.*)\[\]: 554
reject: RCPT from (.*)\[\]: 450
too many errors after AUTH from (.*)\[\]
This works, but I am not sure if I should do it or not.
Any other feedback regarding this situation will be useful.
Regards,
Nick
7 04:04:55 vmail postfix/smtpd[3100]: too many errors after
> AUTH from mail.videco.com.ar[190.220.14.235]
> Nov 7 04:04:55 vmail postfix/smtpd[3100]: disconnect from
> mail.videco.com.ar[190.220.14.235]
Is this a submission port (587) or smtp (25)? You should use "-o
syslog_name=postf
On 7/11/2012 3:46 μμ, Nikolaos Milas wrote:
Since this server does not accept unauthenticated smtp connections
except only from our gateway server and requires AUTH for all others
Server config:
[root@vmail etc]# postconf -n
alias_database = hash:/etc/postfix/aliases,
hash:/etc/postfix/alias
On 7/11/2012 3:46 μμ, Nikolaos Milas wrote:
connectionsexcept only from our gateway serverand requires AUTHfor all
others,do the above log entries depictfailed login
As a side note: sorry for the word jamming in the message; it is due to
a relatively recent Thunderbird bug (those interested m
7 04:04:53 vmail postfix/smtpd[3321]: connect from
mail.videco.com.ar[190.220.14.235]
Nov 7 04:04:54 vmail postfix/smtpd[3184]: too many errors after AUTH
from mail.videco.com.ar[190.220.14.235]
Nov 7 04:04:54 vmail postfix/smtpd[3184]: disconnect from
mail.videco.com.ar[190.220.14.235]
Nov
12 matches
Mail list logo
