[BlueOnyx:15625] Re: Saslauthd Errors
Larry Smith
lesmith at ecsis.net
Mon Jul 7 13:22:24 -05 2014
Or they are "password" fishing. Pick an account, try smtp-auth with
that username and a list of possible passwords, rinse, repeat. If they
ever get one you will immediately see the spam start to flow (most
likely from a different IP than the one that cracked it). I had one
occurrence where the account was cracked (had logs of that) and sixteen
other IPs immediately started sending with those credentials...
--
Larry Smith
lesmith at ecsis.net
On Mon July 7 2014 13:49, Chuck Tetlow wrote:
> Richard,
>
> It looks like someone is trying to break into your system with the generic
> username "webmaster". Be thankful that you are getting those messages - it
> means the scum didn't get in.
>
> Actually, since that was saslauthd - they're trying to relay e-mail through
> your server (probably SPAM). Check with the owner of that domain - to see
> if they've got a new user named "webmaster" that might be trying to send
> e-mail. They're probably not correctly configured for SMTP Auth, and it's
> causing the errors.
>
> Or just ignore it. Nothing hurt, since they're not able to relay....
>
>
>
> Chuck
>
>
> ---------- Original Message -----------
> From: "Richard Sidlin" <richard at sidlin.co.uk>
> To: <blueonyx at mail.blueonyx.it>
> Sent: Mon, 7 Jul 2014 18:51:50 +0100
> Subject: [BlueOnyx:15623] Saslauthd Errors
>
> > Hi
> >
> > These errors keep popping up every few minutes. What do I need to do to
> > fix please?
> > Jul 7 18:49:53 mk-bo4 saslauthd[1445]: do_auth : auth failure:
> > [user=webmaster] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
> > Jul 7 18:49:54 mk-bo4 saslauthd[1447]: do_auth : auth failure:
> > [user=webmaster] [service=smtp] [realm=xxxx.com] [mech=shadow]
> > [reason=Unknown]
> > Thanks as always
> >
> > Rich
>
> ------- End of Original Message -------
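
To tell the password guessing described in this thread apart from a single misconfigured client, the saslauthd failures can be counted per username over a sliding time window. The script below is an added example, not code from the thread or from BlueOnyx; the function names, the `year` argument (syslog omits the year), the threshold and window values, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# saslauthd failure line in the format quoted in the thread (one line in syslog).
FAILURE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+saslauthd\[\d+\]:\s+"
    r"do_auth\s*:\s*auth failure:\s*(?P<fields>.*)$"
)
FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")

def parse_failures(lines, year):
    """Return (timestamp, user, service, realm) for each saslauthd auth failure."""
    events = []
    for line in lines:
        m = FAILURE.match(line.strip())
        if not m:
            continue
        fields = dict(FIELD.findall(m.group("fields")))
        # Syslog timestamps carry no year, so the caller supplies it (assumption).
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        events.append((ts, *(fields.get(k, "") for k in ("user", "service", "realm"))))
    return events

def guessing_suspects(events, threshold=5, window=timedelta(minutes=10)):
    """Map user -> peak SMTP failure count in any window, if at or over threshold."""
    by_user = defaultdict(list)
    for ts, user, service, _realm in events:
        if service == "smtp":
            by_user[user].append(ts)
    suspects = {}
    for user, stamps in by_user.items():
        stamps.sort()
        start, peak = 0, 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # drop failures older than the window
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            suspects[user] = peak
    return suspects

# Constructed sample: six "webmaster" failures, one stray failure, one unrelated line.
_LINE = (
    "Jul  7 18:{:02d}:53 mk-bo4 saslauthd[1445]: do_auth         : auth failure: "
    "[user={}] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]"
)
SAMPLE = [_LINE.format(40 + i, "webmaster") for i in range(6)] + [
    _LINE.format(50, "alice"), "Jul  7 18:51:00 mk-bo4 example[1]: unrelated line"]
```

saslauthd does not record the client address in these lines, so tying a flagged username to source IPs means correlating the timestamps with the mail server's own log.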