View Single Post
  #1  
Old 18th November 2007, 21:35
princebenin princebenin is offline
Junior Member
 
Join Date: Nov 2006
Posts: 16
Thanks: 3
Thanked 1 Time in 1 Post
Default Mail server attack

Hello,

In spite of the installation of "Blockhost" "I still continuous be the target of attack, can someone help me?.

Extract of /var/log/auth.log
Code:
Nov 18 13:32:32 myserver saslauthd[2620]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Nov 18 13:32:34 myserver saslauthd[2620]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Nov 18 13:32:34 myserver saslauthd[2620]: do_auth         : auth failure: [user=passwd] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Nov 18 13:32:40 myserver saslauthd[2622]: (pam_unix) check pass; user unknown
Nov 18 13:32:40 myserver saslauthd[2622]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Nov 18 13:32:42 myserver saslauthd[2622]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Nov 18 13:32:42 myserver saslauthd[2622]: do_auth         : auth failure: [user=123456] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Nov 18 13:32:47 myserver saslauthd[2618]: (pam_unix) check pass; user unknown
Nov 18 13:32:47 myserver saslauthd[2618]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Nov 18 13:32:49 myserver saslauthd[2618]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Nov 18 13:32:49 myserver saslauthd[2618]: do_auth         : auth failure: [user=newpass] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Nov 18 13:32:53 myserver saslauthd[2619]: (pam_unix) check pass; user unknown
Nov 18 13:32:53 myserver saslauthd[2619]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Nov 18 13:32:55 myserver saslauthd[2619]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Nov 18 13:32:55 myserver saslauthd[2619]: do_auth         : auth failure: [user=notused] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Nov 18 13:33:01 myserver saslauthd[2621]: (pam_unix) check pass; user unknown
Nov 18 13:33:01 myserver saslauthd[2621]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Nov 18 13:33:02 myserver saslauthd[2621]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Nov 18 13:33:01 myserver saslauthd[2621]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Nov 18 13:33:02 myserver saslauthd[2621]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Nov 18 13:33:02 myserver saslauthd[2621]: do_auth         : auth failure: [user=Hockey] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Nov 18 13:33:08 myserver saslauthd[2620]: (pam_unix) check pass; user unknown
Nov 18 13:33:08 myserver saslauthd[2620]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Nov 18 13:33:10 myserver saslauthd[2620]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Nov 18 13:33:10 myserver saslauthd[2620]: do_auth         : auth failure: [user=internet] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Nov 18 13:33:15 myserver saslauthd[2622]: (pam_unix) check pass; user unknown
Nov 18 13:33:15 myserver saslauthd[2622]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Nov 18 13:33:17 myserver saslauthd[2622]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Nov 18 13:33:17 myserver saslauthd[2622]: do_auth         : auth failure: [user=*******] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Nov 18 13:33:23 myserver saslauthd[2619]: (pam_unix) check pass; user unknown
Nov 18 13:33:23 myserver saslauthd[2619]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Nov 18 13:33:25 myserver saslauthd[2619]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Nov 18 13:33:25 myserver saslauthd[2619]: do_auth         : auth failure: [user=Maddock] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Nov 18 13:33:30 myserver saslauthd[2618]: (pam_unix) check pass; user unknown
Nov 18 13:33:30 myserver saslauthd[2618]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Nov 18 13:33:32 myserver saslauthd[2618]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module

Extract of my file /var/log/mail.info
Code:
Nov 18 15:18:42 myserver postfix/smtpd[31185]: warning: 65.106.203.226.ptr.us.xo.net[65.106.203.226]: SASL LOGIN authentication failed: authentication failure
Nov 18 15:18:43 myserver postfix/smtpd[31185]: disconnect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:18:49 myserver postfix/smtpd[31248]: warning: 65.106.203.226.ptr.us.xo.net[65.106.203.226]: SASL LOGIN authentication failed: authentication failure
Nov 18 15:18:49 myserver postfix/smtpd[31183]: connect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:18:50 myserver postfix/smtpd[31248]: disconnect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:18:57 myserver postfix/smtpd[31183]: warning: 65.106.203.226.ptr.us.xo.net[65.106.203.226]: SASL LOGIN authentication failed: authentication failure
Nov 18 15:18:57 myserver postfix/smtpd[30761]: connect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:18:58 myserver postfix/smtpd[31183]: disconnect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:04 myserver postfix/smtpd[30761]: warning: 65.106.203.226.ptr.us.xo.net[65.106.203.226]: SASL LOGIN authentication failed: authentication failure
Nov 18 15:19:04 myserver postfix/smtpd[31188]: connect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:05 myserver postfix/smtpd[30761]: disconnect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:11 myserver postfix/smtpd[31188]: warning: 65.106.203.226.ptr.us.xo.net[65.106.203.226]: SASL LOGIN authentication failed: authentication failure
Nov 18 15:19:12 myserver postfix/smtpd[31185]: connect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:13 myserver postfix/smtpd[31188]: disconnect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:28 myserver postfix/smtpd[30761]: disconnect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:34 myserver postfix/smtpd[31248]: connect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:35 myserver postfix/smtpd[31188]: warning: 65.106.203.226.ptr.us.xo.net[65.106.203.226]: SASL LOGIN authentication failed: authentication failure
Nov 18 15:19:36 myserver postfix/smtpd[31188]: disconnect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:42 myserver postfix/smtpd[31248]: warning: 65.106.203.226.ptr.us.xo.net[65.106.203.226]: SASL LOGIN authentication failed: authentication failure
Nov 18 15:19:42 myserver postfix/smtpd[31183]: connect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:43 myserver postfix/smtpd[31248]: disconnect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:49 myserver postfix/smtpd[31183]: warning: 65.106.203.226.ptr.us.xo.net[65.106.203.226]: SASL LOGIN authentication failed: authentication failure
Nov 18 15:19:50 myserver postfix/smtpd[31185]: connect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:50 myserver postfix/smtpd[31183]: disconnect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:57 myserver postfix/smtpd[31248]: connect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:57 myserver postfix/smtpd[31185]: warning: 65.106.203.226.ptr.us.xo.net[65.106.203.226]: SASL LOGIN authentication failed: authentication failure
Nov 18 15:19:58 myserver postfix/smtpd[31185]: disconnect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:20:04 myserver postfix/smtpd[31183]: connect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:20:05 myserver postfix/smtpd[31248]: warning: 65.106.203.226.ptr.us.xo.net[65.106.203.226]: SASL LOGIN authentication failed: authentication failure
Nov 18 15:20:06 myserver postfix/smtpd[31248]: disconnect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Reply With Quote
Sponsored Links