[BlueOnyx:15626] Re: Saslauthd Errors

[Richard Sidlin]

Thanks Chuck.

 

Is it possible to tell which IP they are coming from so that I can block it?

 

 

 

 

Richard, 

It looks like someone is trying to break into your system with the generic
username "webmaster".  Be thankful that you are getting those messages - it
means the scum didn't get in.  

Actually, since that was saslauthd - they're trying to relay e-mail through
your server (probably SPAM).  Check with the owner of that domain - to see
if they've got a new user named "webmaster" that might be trying to send
e-mail.  They're probably not correctly configured for SMTP Auth, and its
causing the errors. 

Or just ignore it.  Nothing hurt, since they're not able to relay.... 



Chuck 


---------- Original Message ----------- 
From: "Richard Sidlin" <richard at sidlin.co.uk> 
To: <blueonyx at mail.blueonyor
<mailto:blueonyx at mail.blueonyor%20%0b%0b%0bx.it> 


x.it> 
Sent: Mon, 7 Jul 2014 18:51:50 +0100 
Subject: [BlueOnyx:15623]  Saslauthd Errors 

> Hi 
>   
> These errors keep popping up every few minutes. What do I need to do to
fix please? 
>   
> Jul  7 18:49:53 mk-bo4 saslauthd[1445]: do_auth         : auth failure:
[user=webmaster] [service=smtp] [realm=] [mech=shadow] [reason=Unknown] 
> Jul  7 18:49:54 mk-bo4 saslauthd[1447]: do_auth         : auth failure:
[user=webmaster] [service=smtp] [realm=xxxx.com] [mech=shadow]
[reason=Unknown] 
>   
> Thanks as always 
>   
> Rich 
------- End of Original Message ------- 

-- 
This message has been scanned for viruses and 
dangerous content by  <http://www.mailscanner.info/> MailScanner, and is 
believed to be clean. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20140707/390ec01f/attachment.html>