Forums

Subscribe via email Subscribe via email
Subscribe via rss
Guest
or Ask a Question
Add a reply View Replies (6) →
Dirk Albring
Dirk Albring
Offline

Someone trying to hack in?

Resolved
0 votes
Anybody see this sort of activity in their message logs?

ct 28 23:35:37 system saslauthd[2612]: do_auth         : auth failure: [user=games] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:35:40 system saslauthd[2611]: do_auth         : auth failure: [user=games] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:35:44 system saslauthd[2608]: do_auth         : auth failure: [user=games] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:35:46 system saslauthd[2610]: do_auth         : auth failure: [user=games] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:35:49 system saslauthd[2613]: do_auth         : auth failure: [user=games] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:35:52 system saslauthd[2612]: do_auth         : auth failure: [user=games] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:35:55 system saslauthd[2611]: do_auth         : auth failure: [user=games] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:36:02 system saslauthd[2608]: do_auth         : auth failure: [user=games] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:36:05 system saslauthd[2610]: do_auth         : auth failure: [user=games] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:36:08 system saslauthd[2613]: do_auth         : auth failure: [user=games] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:36:10 system saslauthd[2612]: do_auth         : auth failure: [user=games] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:36:14 system saslauthd[2608]: do_auth         : auth failure: [user=games] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:36:15 system saslauthd[2610]: do_request      : NULL password received

Oct 28 23:36:16 system saslauthd[2613]: do_request      : NULL password received

Oct 28 23:36:19 system saslauthd[2611]: do_auth         : auth failure: [user=help] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:36:22 system saslauthd[2608]: do_auth         : auth failure: [user=help] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:36:25 system saslauthd[2610]: do_auth         : auth failure: [user=help] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:36:28 system saslauthd[2613]: do_auth         : auth failure: [user=help] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:36:31 system saslauthd[2612]: do_auth         : auth failure: [user=help] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:36:34 system saslauthd[2611]: do_auth         : auth failure: [user=help] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:36:37 system saslauthd[2608]: do_auth         : auth failure: [user=help] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:36:40 system saslauthd[2613]: do_auth         : auth failure: [user=help] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:36:43 system saslauthd[2608]: do_auth         : auth failure: [user=help] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:36:46 system saslauthd[2612]: do_auth         : auth failure: [user=help] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:36:50 system saslauthd[2611]: do_auth         : auth failure: [user=help] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:36:52 system saslauthd[2613]: do_auth         : auth failure: [user=help] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:36:56 system saslauthd[2610]: do_auth         : auth failure: [user=help] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:36:58 system saslauthd[2612]: do_auth         : auth failure: [user=help] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:37:01 system saslauthd[2611]: do_auth         : auth failure: [user=help] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:37:04 system saslauthd[2608]: do_auth         : auth failure: [user=help] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:37:07 system saslauthd[2613]: do_auth         : auth failure: [user=help] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:37:10 system saslauthd[2612]: do_auth         : auth failure: [user=help] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:37:13 system saslauthd[2610]: do_auth         : auth failure: [user=help] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:37:16 system saslauthd[2611]: do_auth         : auth failure: [user=help] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:37:19 system saslauthd[2608]: do_auth         : auth failure: [user=help] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:37:22 system saslauthd[2611]: do_auth         : auth failure: [user=help] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:37:25 system saslauthd[2608]: do_auth         : auth failure: [user=help] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:37:28 system saslauthd[2613]: do_auth         : auth failure: [user=help] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:37:29 system saslauthd[2612]: do_request      : NULL password received

Oct 28 23:37:30 system saslauthd[2611]: do_request      : NULL password received

Oct 28 23:37:33 system saslauthd[2610]: do_auth         : auth failure: [user=ice] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:37:36 system saslauthd[2612]: do_auth         : auth failure: [user=ice] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:37:38 system saslauthd[2608]: do_auth         : auth failure: [user=ice] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:37:41 system saslauthd[2611]: do_auth         : auth failure: [user=ice] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:37:44 system saslauthd[2613]: do_auth         : auth failure: [user=ice] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:37:47 system saslauthd[2612]: do_auth         : auth failure: [user=ice] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:37:50 system saslauthd[2610]: do_auth         : auth failure: [user=ice] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:37:53 system saslauthd[2608]: do_auth         : auth failure: [user=ice] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:37:56 system saslauthd[2611]: do_auth         : auth failure: [user=ice] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:37:59 system saslauthd[2613]: do_auth         : auth failure: [user=ice] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:38:02 system saslauthd[2610]: do_auth         : auth failure: [user=ice] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:38:05 system saslauthd[2608]: do_auth         : auth failure: [user=ice] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:38:08 system saslauthd[2611]: do_auth         : auth failure: [user=ice] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:38:12 system saslauthd[2613]: do_auth         : auth failure: [user=ice] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:38:14 system saslauthd[2612]: do_auth         : auth failure: [user=ice] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:38:17 system saslauthd[2608]: do_auth         : auth failure: [user=ice] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:38:20 system saslauthd[2611]: do_auth         : auth failure: [user=ice] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:38:23 system saslauthd[2613]: do_auth         : auth failure: [user=ice] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:38:26 system saslauthd[2612]: do_auth         : auth failure: [user=ice] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:38:29 system saslauthd[2610]: do_auth         : auth failure: [user=ice] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:38:33 system saslauthd[2611]: do_auth         : auth failure: [user=ice] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:38:36 system saslauthd[2613]: do_auth         : auth failure: [user=ice] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:38:38 system saslauthd[2612]: do_auth         : auth failure: [user=ice] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:38:41 system saslauthd[2610]: do_auth         : auth failure: [user=ice] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:38:42 system saslauthd[2608]: do_request      : NULL password received

Oct 28 23:38:43 system saslauthd[2613]: do_request      : NULL password received

Oct 28 23:38:46 system saslauthd[2612]: do_auth         : auth failure: [user=info] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:38:49 system saslauthd[2610]: do_auth         : auth failure: [user=info] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:38:52 system saslauthd[2611]: do_auth         : auth failure: [user=info] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:38:55 system saslauthd[2613]: do_auth         : auth failure: [user=info] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:38:58 system saslauthd[2610]: do_auth         : auth failure: [user=info] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:39:01 system saslauthd[2608]: do_auth         : auth failure: [user=info] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:39:03 system saslauthd[2611]: do_auth         : auth failure: [user=info] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:39:07 system saslauthd[2612]: do_auth         : auth failure: [user=info] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:39:10 system saslauthd[2613]: do_auth         : auth failure: [user=info] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:39:13 system saslauthd[2610]: do_auth         : auth failure: [user=info] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:39:15 system saslauthd[2611]: do_auth         : auth failure: [user=info] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:39:19 system saslauthd[2612]: do_auth         : auth failure: [user=info] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:39:22 system saslauthd[2608]: do_auth         : auth failure: [user=info] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:39:25 system saslauthd[2610]: do_auth         : auth failure: [user=info] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:39:27 system saslauthd[2613]: do_auth         : auth failure: [user=info] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:39:31 system saslauthd[2612]: do_auth         : auth failure: [user=info] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:39:33 system saslauthd[2611]: do_auth         : auth failure: [user=info] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:39:37 system saslauthd[2608]: do_auth         : auth failure: [user=info] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:39:40 system saslauthd[2610]: do_auth         : auth failure: [user=info] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:39:43 system saslauthd[2612]: do_auth         : auth failure: [user=info] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:39:46 system saslauthd[2611]: do_auth         : auth failure: [user=info] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:39:49 system saslauthd[2613]: do_auth         : auth failure: [user=info] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:39:52 system saslauthd[2610]: do_auth         : auth failure: [user=info] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:39:56 system saslauthd[2608]: do_auth         : auth failure: [user=info] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:39:57 system saslauthd[2612]: do_request      : NULL password received

Oct 28 23:39:58 system saslauthd[2613]: do_request      : NULL password received

Oct 28 23:40:01 system saslauthd[2610]: do_auth         : auth failure: [user=jim] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:40:04 system saslauthd[2611]: do_auth         : auth failure: [user=jim] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:40:08 system saslauthd[2608]: do_auth         : auth failure: [user=jim] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:40:11 system saslauthd[2612]: do_auth         : auth failure: [user=jim] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:40:14 system saslauthd[2610]: do_auth         : auth failure: [user=jim] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:40:17 system saslauthd[2613]: do_auth         : auth failure: [user=jim] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:40:20 system saslauthd[2608]: do_auth         : auth failure: [user=jim] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:40:23 system saslauthd[2612]: do_auth         : auth failure: [user=jim] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:40:26 system saslauthd[2611]: do_auth         : auth failure: [user=jim] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:40:29 system saslauthd[2610]: do_auth         : auth failure: [user=jim] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:40:33 system saslauthd[2608]: do_auth         : auth failure: [user=jim] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:40:36 system saslauthd[2613]: do_auth         : auth failure: [user=jim] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:40:39 system saslauthd[2611]: do_auth         : auth failure: [user=jim] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:40:42 system saslauthd[2612]: do_auth         : auth failure: [user=jim] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:40:45 system saslauthd[2608]: do_auth         : auth failure: [user=jim] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:40:48 system saslauthd[2610]: do_auth         : auth failure: [user=jim] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:40:51 system saslauthd[2613]: do_auth         : auth failure: [user=jim] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:40:54 system saslauthd[2612]: do_auth         : auth failure: [user=jim] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:40:57 system saslauthd[2608]: do_auth         : auth failure: [user=jim] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:41:00 system saslauthd[2610]: do_auth         : auth failure: [user=jim] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:41:03 system saslauthd[2611]: do_auth         : auth failure: [user=jim] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:41:06 system saslauthd[2613]: do_auth         : auth failure: [user=jim] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:41:09 system saslauthd[2612]: do_auth         : auth failure: [user=jim] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:41:12 system saslauthd[2608]: do_auth         : auth failure: [user=jim] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:41:13 system saslauthd[2610]: do_request      : NULL password received

Oct 28 23:41:14 system saslauthd[2611]: do_request      : NULL password received

Oct 28 23:41:17 system saslauthd[2608]: do_auth         : auth failure: [user=library] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:41:21 system saslauthd[2613]: do_auth         : auth failure: [user=library] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:41:25 system saslauthd[2610]: do_auth         : auth failure: [user=library] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:41:27 system dnsmasq-dhcp[2022]: DHCPREQUEST(eth1) 192.168.1.185 0c:30:21:7f:03:89 

Oct 28 23:41:27 system dnsmasq-dhcp[2022]: DHCPACK(eth1) 192.168.1.185 0c:30:21:7f:03:89 iPhone

Oct 28 23:41:28 system saslauthd[2611]: do_auth         : auth failure: [user=library] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:41:31 system saslauthd[2612]: do_auth         : auth failure: [user=library] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:41:34 system saslauthd[2613]: do_auth         : auth failure: [user=library] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:41:37 system saslauthd[2610]: do_auth         : auth failure: [user=library] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:41:40 system saslauthd[2611]: do_auth         : auth failure: [user=library] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:41:44 system saslauthd[2608]: do_auth         : auth failure: [user=library] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:41:47 system saslauthd[2613]: do_auth         : auth failure: [user=library] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:41:51 system saslauthd[2612]: do_auth         : auth failure: [user=library] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:41:54 system saslauthd[2611]: do_auth         : auth failure: [user=library] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:41:57 system saslauthd[2610]: do_auth         : auth failure: [user=library] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:42:00 system saslauthd[2613]: do_auth         : auth failure: [user=library] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:42:02 system saslauthd[2612]: do_auth         : auth failure: [user=library] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:42:05 system saslauthd[2611]: do_auth         : auth failure: [user=library] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:42:09 system saslauthd[2608]: do_auth         : auth failure: [user=library] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]

Oct 28 23:42:12 system saslauthd[2610]: do_auth         : auth failure: [user=library] [service=smtp] [realm=Learn2Automate.com] [mech=pam] [reason=PAM auth error]


Looks like someone has a program running trying all sorts of credentials to hack in. Who goes to this effort and why? The log is a mile long over the course of two days.
In Intrusion Detection and Prevention
Thursday, October 31 2013, 01:19 AM
Subscribe via email
Share this post:
Responses (6)

  • Accepted Answer

    jeff1965
    jeff1965
    Offline
    Tuesday, November 19 2013, 01:27 PM - #Permalink
    Resolved
    0 votes
    I broke down and bought the intrusion prevention updates. Best thing I ever did with this server. Its blocking between 10 and 25 every 2-3 days
    The reply is currently minimized Show

  • Accepted Answer

    Paul
    Paul
    Offline
    Thursday, October 31 2013, 02:37 PM - #Permalink
    Resolved
    0 votes
    Install it by something like 
    yum --enablerepo=clearos-epel --enablerepo=clearos-core install fail2ban


    then you need to configure /etc/fail2ban/jail.conf

    I also made a change to /etc/fail2ban/filter.d/sasl.conf as detailed by Tim in this thread http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,34519/
    The reply is currently minimized Show

  • Accepted Answer

    Tim Burgess
    Tim Burgess
    Offline
    Thursday, October 31 2013, 02:19 PM - #Permalink
    Resolved
    1 votes
    Theres a how to in the forum somewhere

    It blocks traffic to the specific IP address for a period of time (via iptables entries)
    The reply is currently minimized Show

  • Accepted Answer

    Dirk Albring
    Dirk Albring
    Offline
    Thursday, October 31 2013, 01:59 PM - #Permalink
    Resolved
    0 votes
    Any reviews from the Community on fail2ban?

    Is there a GUI for it?

    Does it only shut down IP traffic for a length of time to those addresses that it banned, or does it shut down all IP traffic to the nic that's being hacked?
    The reply is currently minimized Show

  • Accepted Answer

    Tim Burgess
    Tim Burgess
    Offline
    Thursday, October 31 2013, 01:05 PM - #Permalink
    Resolved
    0 votes
    Yes, check out fail2ban or disable SMTP authentication and specify explicit trusted network hosts that can use your SMTP server

    I really wish saslauthd / postfix would implement some kind of max number of retries to prevent it without having to use a third party log watching daemon
    The reply is currently minimized Show

  • Accepted Answer

    Paul
    Paul
    Offline
    Thursday, October 31 2013, 08:56 AM - #Permalink
    Resolved
    0 votes
    I get these. They tend to happen at the weekend overnight. This week I installed fail2ban to see if I can stop people trying this sort of attack. I dont know if it works though as no one has tried this sort of hack against me since.
    The reply is currently minimized Show
Your Reply