Postfix/smtpd authentication failures with correct details

Discussion in 'Server Operation' started by James A, May 2, 2014.

  1. James A


    Hi all

    This morning we had an issue where the server appeared to stop taking SMTP connections, simply giving an authentication error. The passwords were correct, as everything started working again after a reboot, having had the issue for about 1 hour.

    Looking in the log I have the following:

    May 2 07:59:54 srv5 postfix/smtpd[23815]: connect from unknown[5.86.38.17]
    May 2 07:59:55 srv5 pop3d: Connection, ip=[::ffff:83.170.136.21]
    May 2 07:59:55 srv5 postfix/smtpd[23815]: warning: unknown[5.86.38.17]: SASL LOGIN authentication failed: authentication failure
    May 2 07:59:55 srv5 postfix/smtpd[23815]: lost connection after AUTH from unknown[5.86.38.17]
    May 2 07:59:55 srv5 postfix/smtpd[23815]: disconnect from unknown[5.86.38.17]

    Doing a grep on the warning message over a 10-minute period, I did notice the reference number after smtpd did appear to repeat, which I thought was odd. Or is this simply indicating a cached connection?

    May 2 08:32:40 srv5 postfix/smtpd[26192]: warning: unknown[46.218.244.37]: SASL LOGIN authentication failed: authentication failure
    May 2 08:33:38 srv5 postfix/smtpd[27585]: warning: unknown[5.86.38.17]: SASL LOGIN authentication failed: authentication failure
    May 2 08:33:41 srv5 postfix/smtpd[27585]: warning: unknown[5.86.38.17]: SASL LOGIN authentication failed: authentication failure
    May 2 08:33:44 srv5 postfix/smtpd[27585]: warning: unknown[5.86.38.17]: SASL LOGIN authentication failed: authentication failure
    May 2 08:34:00 srv5 postfix/smtpd[27585]: warning: unknown[5.86.38.17]: SASL LOGIN authentication failed: authentication failure
    May 2 08:34:31 srv5 postfix/smtpd[27585]: warning: unknown[5.86.38.17]: SASL LOGIN authentication failed: authentication failure
    May 2 08:36:16 srv5 postfix/smtpd[26192]: warning: unknown[84.22.66.37]: SASL LOGIN authentication failed: authentication failure
    May 2 08:36:23 srv5 postfix/smtpd[27991]: warning: unknown[5.86.38.17]: SASL LOGIN authentication failed: authentication failure
    May 2 08:36:45 srv5 postfix/smtpd[27991]: warning: unknown[5.86.38.17]: SASL LOGIN authentication failed: authentication failure
    May 2 08:36:58 srv5 postfix/smtpd[27991]: warning: unknown[5.86.38.17]: SASL LOGIN authentication failed: authentication failure
    May 2 08:37:06 srv5 postfix/smtpd[28036]: warning: unknown[63.110.126.143]: SASL LOGIN authentication failed: authentication failure
    May 2 08:37:41 srv5 postfix/smtpd[26192]: warning: unknown[46.218.244.37]: SASL LOGIN authentication failed: authentication failure
    May 2 08:38:01 srv5 postfix/smtpd[27991]: warning: unknown[5.86.38.17]: SASL LOGIN authentication failed: authentication failure
    May 2 08:38:45 srv5 postfix/smtpd[28036]: warning: unknown[5.86.38.17]: SASL LOGIN authentication failed: authentication failure
    May 2 08:38:51 srv5 postfix/smtpd[27991]: warning: unknown[5.86.38.17]: SASL LOGIN authentication failed: authentication failure
    May 2 08:38:56 srv5 postfix/smtpd[28036]: warning: unknown[5.86.38.17]: SASL LOGIN authentication failed: authentication failure
    May 2 08:39:03 srv5 postfix/smtpd[27991]: warning: unknown[5.86.38.17]: SASL LOGIN authentication failed: authentication failure

    Any help and advice would be greatly appreciated as this is the second time we've had this issue.

    First time round I thought it may have been due to a DoS attack but I can't see this being the case.


    My system is Debian Wheezy, ISPConfig 3.0.5.3, Courier based on the latest perfect server build
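
An added example, not part of the original post: a small triage script that takes the grep described above one step further by grouping SASL failures per client IP and per smtpd process. The number in brackets after `smtpd` is the process ID of the Postfix smtpd process that logged the line, so the script also lists which clients each process served. The year (syslog omits it), the 5-minute window and the function names are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the Postfix warning format shown in the post's log excerpt.
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[(\d+)\]: warning: "
    r"\S+\[([^\]]+)\]: SASL \w+ authentication failed")

# Lines copied from the excerpt in the post, including its unrelated pop3d line.
SAMPLE = """\
May 2 07:59:55 srv5 pop3d: Connection, ip=[::ffff:83.170.136.21]
May 2 08:32:40 srv5 postfix/smtpd[26192]: warning: unknown[46.218.244.37]: SASL LOGIN authentication failed: authentication failure
May 2 08:33:38 srv5 postfix/smtpd[27585]: warning: unknown[5.86.38.17]: SASL LOGIN authentication failed: authentication failure
May 2 08:33:41 srv5 postfix/smtpd[27585]: warning: unknown[5.86.38.17]: SASL LOGIN authentication failed: authentication failure
May 2 08:33:44 srv5 postfix/smtpd[27585]: warning: unknown[5.86.38.17]: SASL LOGIN authentication failed: authentication failure
May 2 08:36:16 srv5 postfix/smtpd[26192]: warning: unknown[84.22.66.37]: SASL LOGIN authentication failed: authentication failure
May 2 08:36:23 srv5 postfix/smtpd[27991]: warning: unknown[5.86.38.17]: SASL LOGIN authentication failed: authentication failure
May 2 08:38:45 srv5 postfix/smtpd[28036]: warning: unknown[5.86.38.17]: SASL LOGIN authentication failed: authentication failure
""".splitlines()

def parse_failures(lines, year=2014):
    """Yield (timestamp, smtpd_pid, client_ip) for each SASL failure line."""
    for line in lines:
        m = FAIL_RE.match(line.strip())
        if m:
            # Syslog timestamps carry no year; the caller supplies it (assumption).
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, int(m.group(2)), m.group(3)

def summarize(events, window=timedelta(minutes=5)):
    """Return (per-IP report, clients served by each smtpd PID)."""
    by_ip, by_pid = defaultdict(list), defaultdict(set)
    for ts, pid, ip in events:
        by_ip[ip].append((ts, pid))
        by_pid[pid].add(ip)
    report = {}
    for ip, hits in by_ip.items():
        hits.sort()
        peak = start = 0
        for end, (t, _) in enumerate(hits):   # sliding window over sorted times
            while t - hits[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        report[ip] = {"failures": len(hits),
                      "pids": sorted({p for _, p in hits}),
                      "peak_in_window": peak}
    return report, {pid: sorted(ips) for pid, ips in by_pid.items()}
```

Calling `summarize(parse_failures(open("/var/log/mail.log")))` runs the same grouping over a full log; the path is the Debian default and may differ on other systems.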
     
