attempt to connect by spam appliance

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

attempt to connect by spam appliance

snowie-2
Hello Postfix-users,

Just curious. I got these continuous attempt to connect to email server
by my spam appliance.
Any advice ?

Thank you and best regards.

Snowie

Apr 24 10:19:15 email postfix/smtpd[2232]: connect from firewall.abc.com[192.168.0.1]
Apr 24 10:19:16 email postfix/smtpd[2159]: connect from firewall.abc.com[192.168.0.1]
Apr 24 10:19:18 email postfix/smtpd[2141]: warning: firewall.abc.com[192.168.0.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Apr 24 10:19:18 email postfix/smtpd[2232]: warning: firewall.abc.com[192.168.0.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Apr 24 10:19:18 email postfix/smtpd[2141]: lost connection after AUTH from firewall.abc.com[192.168.0.1]
Apr 24 10:19:18 email postfix/smtpd[2141]: disconnect from firewall.abc.com[192.168.0.1]
Apr 24 10:19:18 email postfix/smtpd[2232]: lost connection after AUTH from firewall.abc.com[192.168.0.1]
Apr 24 10:19:18 email postfix/smtpd[2232]: disconnect from firewall.abc.com[192.168.0.1]
Apr 24 10:19:19 email postfix/smtpd[2141]: connect from firewall.abc.com[192.168.0.1]
Apr 24 10:19:20 email postfix/smtpd[2232]: connect from firewall.abc.com[192.168.0.1]
Apr 24 10:19:21 email postfix/smtpd[2141]: warning: firewall.abc.com[192.168.0.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Apr 24 10:19:21 email postfix/smtpd[2141]: lost connection after AUTH from firewall.abc.com[192.168.0.1]
Apr 24 10:19:21 email postfix/smtpd[2141]: disconnect from firewall.abc.com[192.168.0.1]
Apr 24 10:19:22 email postfix/smtpd[2159]: 48BF93523D8: client=firewall.abc.com[192.168.0.1]
Apr 24 10:19:22 email postfix/smtpd[2232]: warning: firewall.abc.com[192.168.0.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Apr 24 10:19:22 email postfix/smtpd[2232]: lost connection after AUTH from firewall.abc.com[192.168.0.1]




Reply | Threaded
Open this post in threaded view
|

Re: attempt to connect by spam appliance

Simon Brereton-2
On 23 April 2012 22:28, snowie <[hidden email]> wrote:

> Hello Postfix-users,
>
> Just curious. I got these continuous attempt to connect to email server
> by my spam appliance.
> Any advice ?
>
> Thank you and best regards.
>
> Snowie
>
> Apr 24 10:19:15 email postfix/smtpd[2232]: connect from firewall.abc.com[192.168.0.1]
> Apr 24 10:19:16 email postfix/smtpd[2159]: connect from firewall.abc.com[192.168.0.1]
> Apr 24 10:19:18 email postfix/smtpd[2141]: warning: firewall.abc.com[192.168.0.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
> Apr 24 10:19:18 email postfix/smtpd[2232]: warning: firewall.abc.com[192.168.0.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6


Happens all the time over here.  By that, I mean a couple of times a
week.  Seems some spammers are desperate enough to try SMTP AUTH.
Which can work, if you have a weak password and a known account (think
[hidden email]/Password123 or [hidden email]/Admin12345;
etc).

Time to make sure your password policy is up to date and enforced.
Personally, I favour length over complexity, but you'll find different
opinions on here as you will everywhere.  And to be sure, complexity
helps when you have physical access to the system, but length will
help if you're relying on an internet protocol to make your attempts
(inmho, ymmv).

Simon