[BlueOnyx:15627] Re: Saslauthd Errors
Richard Sidlin
richard at sidlin.co.uk
Mon Jul 7 13:40:49 -05 2014
OK, I am seeing the IPs in the maillog with a "did not issue etc" statement. No sooner do I add the offending IPs, another one starts! Oh well, I will just keep an eye on things.
Thanks for your help.
> -----Original Message-----
> From: blueonyx-bounces at mail.blueonyx.it [mailto:blueonyx-bounces at mail.blueonyx.it] On Behalf Of Larry Smith
> Sent: 07 July 2014 19:22
> To: BlueOnyx General Mailing List
> Subject: [BlueOnyx:15625] Re: Saslauthd Errors
>
> Or they are "password" fishing. Pick an account, try smtp-auth with that
> username and a list of possible passwords, rinse, repeat. If they ever get
> one you will immediately see the spam start to flow (most likely from a
> different IP than the one that cracked it). I had one occurrence where the
> account was cracked (had logs of that) and sixteen other IPs immediately
> started sending with those credentials...
>
> --
> Larry Smith
> lesmith at ecsis.net
>
> On Mon July 7 2014 13:49, Chuck Tetlow wrote:
> > Richard,
> >
> > It looks like someone is trying to break into your system with the
> > generic username "webmaster". Be thankful that you are getting those
> > messages - it means the scum didn't get in.
> >
> > Actually, since that was saslauthd - they're trying to relay e-mail
> > through your server (probably SPAM). Check with the owner of that
> > domain - to see if they've got a new user named "webmaster" that might
> > be trying to send e-mail. They're probably not correctly configured
> > for SMTP Auth, and it's causing the errors.
> >
> > Or just ignore it. Nothing hurt, since they're not able to relay....
> >
> >
> >
> > Chuck
> >
> >
> > ---------- Original Message -----------
> > From: "Richard Sidlin" <richard at sidlin.co.uk>
> > To: <blueonyx at mail.blueonyx.it>
> > Sent: Mon, 7 Jul 2014 18:51:50 +0100
> > Subject: [BlueOnyx:15623] Saslauthd Errors
> >
> > > Hi
> > >
> > > These errors keep popping up every few minutes. What do I need to do
> > > to fix please?
> > >
> > > Jul 7 18:49:53 mk-bo4 saslauthd[1445]: do_auth : auth failure: [user=webmaster] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
> > > Jul 7 18:49:54 mk-bo4 saslauthd[1447]: do_auth : auth failure: [user=webmaster] [service=smtp] [realm=xxxx.com] [mech=shadow] [reason=Unknown]
> > >
> > > Thanks as always
> > >
> > > Rich
> >
> > ------- End of Original Message -------
>
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
>
> --
> This message has been scanned for viruses and dangerous content by
> MailScanner, and is believed to be clean.
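
The thread's two observations combined, as an added example that is not part of the original messages: saslauthd failure lines carry no client address, so this script groups them by username and attributes candidate source IPs from sendmail "did not issue" lines logged within a few seconds. The full sendmail line format, the `info` user, the IP addresses and the 5-second window are assumptions; only the first two sample lines come from the post.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines 1-2 are the saslauthd entries quoted in the thread; the rest are
# constructed samples (documentation IP ranges, assumed sendmail format).
SAMPLE = """\
Jul 7 18:49:53 mk-bo4 saslauthd[1445]: do_auth : auth failure: [user=webmaster] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Jul 7 18:49:54 mk-bo4 saslauthd[1447]: do_auth : auth failure: [user=webmaster] [service=smtp] [realm=xxxx.com] [mech=shadow] [reason=Unknown]
Jul 7 18:49:55 mk-bo4 sendmail[1450]: s67HnrAA001450: [203.0.113.7] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 7 18:52:10 mk-bo4 saslauthd[1445]: do_auth : auth failure: [user=info] [service=smtp] [realm=xxxx.com] [mech=shadow] [reason=Unknown]
Jul 7 19:30:00 mk-bo4 sendmail[1502]: s67IU0AA001502: [198.51.100.9] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
"""

TS = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s")
FAIL = re.compile(r"saslauthd\[\d+\]: do_auth\s*: auth failure: (.*)")
FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")
NOAUTH = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\] did not issue")

def summarize(log_text, window=timedelta(seconds=5), year=2014):
    """Return {user: {"failures": int, "realms": set, "ips": set}}."""
    failures, drops = [], []
    for line in log_text.splitlines():
        ts = TS.match(line)
        if not ts:
            continue
        # syslog omits the year, so it is supplied by the caller
        when = datetime.strptime(f"{year} {ts.group(1)}", "%Y %b %d %H:%M:%S")
        fail, drop = FAIL.search(line), NOAUTH.search(line)
        if fail:
            failures.append((when, dict(FIELD.findall(fail.group(1)))))
        elif drop:
            drops.append((when, drop.group(1)))
    report = defaultdict(lambda: {"failures": 0, "realms": set(), "ips": set()})
    for when, fields in failures:
        entry = report[fields.get("user", "?")]
        entry["failures"] += 1
        entry["realms"].add(fields.get("realm", ""))
        # Heuristic: attribute IPs by time proximity only; on a busy server
        # unrelated connections can fall inside the window.
        entry["ips"].update(ip for t, ip in drops if abs(t - when) <= window)
    return dict(report)

if __name__ == "__main__":
    for user, info in summarize(SAMPLE).items():
        print(user, info["failures"], sorted(info["realms"]), sorted(info["ips"]))
```

A username that shows many failures across several realms and IPs is the guessing pattern described in the thread; an empty `ips` set means no "did not issue" line fell inside the window.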