auth.log spam with saslauth entry
Hi all,
I have Virtualmin version 4.15.gpl. Everything works like a charm! Except my auth.log, which is spammed with this:
saslauthd[]: do_auth : auth failure: [service=smtp] [realm=postfix] [mech=rimap] [reason=remote server rejected your credentials]
Can you explain to me how I can fix it, please?
Howdy,
You may want to review your /var/log/mail.log file to see if someone is perhaps repeatedly trying to log into Postfix but failing. If that's the case, you would see the IP address in that file.
If it's a legitimate user, you could help them correct it. And if it's not, you could ban that IP address.
-Eric
Thanks Eric,
You are on the right track! I have many:
warning: SASL authentication failure: Password verification failed
May 12 08:18:46 Servername postfix/smtpd[18718]: warning: unknown[154.121.251.42] SASL PLAIN authentication failed: authentication failure
May 12 08:18:49 Servername postfix/smtpd[18718]: warning: unknown[154.121.251.42] SASL LOGIN authentication failed: authentication failure
I already have a jail in fail2ban, which does a good job!
$ iptables -L fail2ban-postfix-sasl | wc -l
302
Do you have any warning or error lines in maillog with same time as this error in auth.log?
EDIT: This is what happens when I wait too long to press "save". Bummer. :)
- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.
I noticed that I had an enormous number of these in /var/log/mail.log, and I have a new jail [postfix-sasl] in fail2ban:
warning: unknown[85.185.194.187] SASL LOGIN authentication failed: authentication failure
May 12 08:28:20 nameserver postfix/smtpd[20594]: disconnect from unknown[85.185.194.187]
May 12 08:28:20 nameserver postfix/smtpd[20634]: warning: unknown[85.26.165.157] SASL LOGIN authentication failed: authentication failure
And
iptables -L fail2ban-postfix-sasl | wc -l
302
And I imagine it's normal...
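The review of /var/log/mail.log suggested in this thread can be scripted. The following is an added example, not code from any poster or from fail2ban: it tallies failed Postfix SASL logins per source IP and mechanism so repeat offenders stand out from a user with a mistyped password. The sample lines are constructed (documentation IP ranges), and the function names and threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# Postfix smtpd warning for a failed SASL login. The colon after the
# bracketed IP is optional so both log renderings are accepted.
SASL_FAIL = re.compile(
    r"postfix/smtpd\[\d+\]: warning: (?P<host>\S+?)\[(?P<ip>[0-9a-fA-F.:]+)\]:? "
    r"SASL (?P<mech>[A-Z0-9-]+) authentication failed"
)

def sasl_failures(lines):
    """Return {ip: Counter({mechanism: count})} for failed SASL logins."""
    per_ip = defaultdict(Counter)
    for line in lines:
        m = SASL_FAIL.search(line)
        if m:
            per_ip[m.group("ip")][m.group("mech")] += 1
    return per_ip

def offenders(per_ip, threshold=3):
    """IPs with at least `threshold` failures (hypothetical cutoff), busiest first."""
    totals = ((ip, sum(c.values())) for ip, c in per_ip.items())
    return sorted((t for t in totals if t[1] >= threshold),
                  key=lambda t: (-t[1], t[0]))

# Constructed sample input, not taken from a real server.
SAMPLE = """\
May 12 08:18:46 mx postfix/smtpd[18718]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed: authentication failure
May 12 08:18:49 mx postfix/smtpd[18718]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
May 12 08:18:52 mx postfix/smtpd[18718]: warning: unknown[203.0.113.7] SASL LOGIN authentication failed: authentication failure
May 12 08:19:01 mx postfix/smtpd[18720]: disconnect from unknown[203.0.113.7]
May 12 08:20:10 mx postfix/smtpd[18731]: warning: mail.example.org[198.51.100.20]: SASL LOGIN authentication failed: authentication failure
May 12 08:21:00 mx postfix/smtpd[18731]: connect from unknown[198.51.100.20]
""".splitlines()

if __name__ == "__main__":
    stats = sasl_failures(SAMPLE)
    for ip, total in offenders(stats):
        print(f"{ip}: {total} failures {dict(stats[ip])}")
    # To scan the real file instead of the sample:
    # with open("/var/log/mail.log", errors="replace") as fh:
    #     stats = sasl_failures(fh)
```

A single failure from a host with a resolvable name, like the fourth sample source, is more likely a legitimate user with a wrong password than the sources that cycle through PLAIN and LOGIN within seconds.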