saslauthd: do_auth : auth failure:

Support for security such as Firewalls and securing linux
Post Reply
yngens
Posts: 29
Joined: 2010/10/24 02:02:35

saslauthd: do_auth : auth failure:

Post by yngens » 2016/01/13 10:04:56

I see persistent authentication attempts on /var/log/messages:

Code: Select all

Jan 13 02:00:05 ns1 saslauthd[912]: do_auth         : auth failure: [user=manager] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:00:11 ns1 saslauthd[910]: do_auth         : auth failure: [user=system] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:00:18 ns1 saslauthd[909]: do_auth         : auth failure: [user=office] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:00:24 ns1 saslauthd[913]: do_auth         : auth failure: [user=spam] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:00:30 ns1 saslauthd[912]: do_auth         : auth failure: [user=admin] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:00:37 ns1 saslauthd[910]: do_auth         : auth failure: [user=sales] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:00:43 ns1 saslauthd[909]: do_auth         : auth failure: [user=marketing] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:00:50 ns1 saslauthd[913]: do_auth         : auth failure: [user=postgres] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:00:57 ns1 saslauthd[902]: do_auth         : auth failure: [user=tomcat] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:01:03 ns1 saslauthd[909]: do_auth         : auth failure: [user=contact] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:01:10 ns1 saslauthd[912]: do_auth         : auth failure: [user=newsletter] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:01:16 ns1 saslauthd[910]: do_auth         : auth failure: [user=smtp] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:01:23 ns1 saslauthd[909]: do_auth         : auth failure: [user=data] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:01:29 ns1 saslauthd[913]: do_auth         : auth failure: [user=root] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:01:35 ns1 saslauthd[902]: do_auth         : auth failure: [user=company] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:01:40 ns1 saslauthd[909]: do_auth         : auth failure: [user=student] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:01:47 ns1 saslauthd[910]: do_auth         : auth failure: [user=order] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:01:53 ns1 saslauthd[912]: do_auth         : auth failure: [user=info] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:01:58 ns1 saslauthd[902]: do_auth         : auth failure: [user=support] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:02:04 ns1 saslauthd[913]: do_auth         : auth failure: [user=customers] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:02:11 ns1 saslauthd[912]: do_auth         : auth failure: [user=oracle] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:02:17 ns1 saslauthd[909]: do_auth         : auth failure: [user=mysql] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:02:23 ns1 saslauthd[902]: do_auth         : auth failure: [user=postmaster] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:02:30 ns1 saslauthd[912]: do_auth         : auth failure: [user=michael] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:02:36 ns1 saslauthd[910]: do_auth         : auth failure: [user=news] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:02:42 ns1 saslauthd[913]: do_auth         : auth failure: [user=tester] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:02:48 ns1 saslauthd[902]: do_auth         : auth failure: [user=fax] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:02:54 ns1 saslauthd[912]: do_auth         : auth failure: [user=ftp] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:03:00 ns1 saslauthd[910]: do_auth         : auth failure: [user=abuse] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:03:06 ns1 saslauthd[902]: do_auth         : auth failure: [user=administrator] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:03:12 ns1 saslauthd[913]: do_auth         : auth failure: [user=pop3] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:03:18 ns1 saslauthd[912]: do_auth         : auth failure: [user=www] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:03:23 ns1 saslauthd[909]: do_auth         : auth failure: [user=test] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:03:29 ns1 saslauthd[910]: do_auth         : auth failure: [user=service] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jan 13 02:03:34 ns1 saslauthd[902]: do_auth         : auth failure: [user=webmaster] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Unfortunately, there is no information about IP address of the source. How can I protect my server from this kind of authentication attempts?

aks
Posts: 2844
Joined: 2014/09/20 11:22:14

Re: saslauthd: do_auth : auth failure:

Post by aks » 2016/01/22 23:37:38

Only allow connections to smtpd from "allowed" sources??

Post Reply

Return to “CentOS 7 - Security Support”