Hi, server gets SMTP login attacks but the firewall can't ban them because there is no IP in the logs... like this in var/log/messages:
Mar 13 16:00:05 sunucu saslauthd[1484]: do_auth : auth failure: [user=admin] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Mar 13 16:00:07 sunucu saslauthd[1483]: do_auth : auth failure: [user=admin] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Mar 13 16:00:09 sunucu saslauthd[1485]: do_auth : auth failure: [user=admin] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Mar 13 16:00:11 sunucu saslauthd[1482]: do_auth : auth failure: [user=admin] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Mar 13 16:00:12 sunucu saslauthd[1484]: do_auth : auth failure: [user=admin] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Mar 13 16:00:15 sunucu saslauthd[1482]: do_auth : auth failure: [user=admin] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
...
...
Software versions:
Operating system CentOS Linux 7.4.1708
Perl version 5.016003
Path to Perl /usr/bin/perl
BIND version 9.9
Postfix version 2.10.1
Mail injection command /usr/lib/sendmail -t
Apache version 2.4.6
PHP versions 5.4.16, 7.0.10, 7.1.8
Logrotate version 3.8.6
MySQL version 10.1.31-MariaDB
Any idea to fix this?
I have the same problem. Any ideas?
Did you check var/log/maillog or mail? This is the place where you should find and see detailed reports of any login attempts to your mail server and logs of any email you sent or received.
- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.
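An added example, not code from any poster in this thread: it pairs each saslauthd failure from the messages log with the Postfix smtpd warning logged at nearly the same time in the mail log, which is the line that carries the client IP. The sample lines are constructed (documentation IP ranges), and the 2-second window, the year and the function names are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines; the maillog lines follow Postfix's usual smtpd warning format.
MESSAGES = """\
Mar 13 16:00:05 sunucu saslauthd[1484]: do_auth : auth failure: [user=admin] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Mar 13 16:00:07 sunucu saslauthd[1483]: do_auth : auth failure: [user=admin] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Mar 13 16:00:30 sunucu saslauthd[1485]: do_auth : auth failure: [user=info] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
"""
MAILLOG = """\
Mar 13 16:00:05 sunucu postfix/smtpd[2201]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Mar 13 16:00:07 sunucu postfix/smtpd[2201]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Mar 13 16:00:31 sunucu postfix/smtpd[2207]: warning: mail.example.net[198.51.100.23]: SASL PLAIN authentication failed: authentication failure
Mar 13 16:00:40 sunucu postfix/smtpd[2207]: disconnect from mail.example.net[198.51.100.23]
"""

TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)"
SASLAUTHD = re.compile(TS + r" \S+ saslauthd\[\d+\]: .*auth failure: \[user=(?P<user>[^\]]*)\] \[service=smtp\]")
POSTFIX = re.compile(TS + r" \S+ postfix/\S*smtpd\[\d+\]: warning: \S+\[(?P<ip>[0-9a-fA-F.:]+)\]: SASL \S+ authentication failed")

def parse_ts(stamp, year=2018):
    # Traditional syslog timestamps carry no year; the default here is an assumption.
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def postfix_failures(maillog):
    """Return (time, client IP) for every failed SASL login Postfix logged."""
    hits = (POSTFIX.match(line) for line in maillog.splitlines())
    return [(parse_ts(m["ts"]), m["ip"]) for m in hits if m]

def correlate(messages, maillog, window=2):
    """Attach a client IP to each saslauthd failure via the nearest Postfix warning."""
    pf = postfix_failures(maillog)
    result = []
    for line in messages.splitlines():
        m = SASLAUTHD.match(line)
        if not m:
            continue
        t = parse_ts(m["ts"])
        near = [(abs((t - pt).total_seconds()), ip) for pt, ip in pf
                if abs((t - pt).total_seconds()) <= window]
        result.append((m["ts"], m["user"], min(near)[1] if near else None))
    return result

def offenders(maillog, threshold=2):
    """Client IPs with at least `threshold` failed SASL logins."""
    counts = Counter(ip for _, ip in postfix_failures(maillog))
    return {ip: n for ip, n in counts.items() if n >= threshold}
```

A log-driven ban rule has to match the Postfix warning lines, since the saslauthd lines never contain an address.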