search for: sasl_method

...tart another dict. attack. I'm just not sure how they guess the username/password as its not on any logs that goes back months and I don't have a dovecot record for that user. /var/log/maillog:Nov 10 02:46:16 mrelay3 postfix/smtpd[27776]: 3B64928015: client=unknown[94.242.206.37], sasl_method=LOGIN, sasl_username=paramus /var/log/maillog:Nov 10 02:47:54 mrelay3 postfix/smtpd[27776]: 247AB28016: client=unknown[94.242.206.37], sasl_method=LOGIN, sasl_username=paramus /var/log/maillog:Nov 10 02:48:00 mrelay3 postfix/smtpd[27785]: 87DE128016: client=unknown[94.242.206.37], sasl_method=LOG...

Package: logcheck-database Severity: normal postfix has changed log formats, now it includes sasl_sender in log lines. The rule at ./ignore.d.server/postfix:109 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: [[:alnum:]]+: client=[^[:space:]]+, sasl_method=[-[:alnum:]]+, sasl_username=[-_.@[:alnum:]]+$ must be updated with: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: [[:alnum:]]+: client=[^[:space:]]+, sasl_method=[-[:alnum:]]+, sasl_username=[-_.@[:alnum:]]+, sasl_sender=[-_.@[:alnum:]]+$ -- System Information: Debia...

...ername Paramus never shows up on the dovecot dictionary attack log, as a matter of fact the user Paramus is nowhere to be found on the dovecot log at all and I have logs going back months. /var/log/maillog:Nov 10 02:46:16 mrelay3 postfix/smtpd[27776]: 3B64928015: client=unknown[94.242.206.37], sasl_method=LOGIN, sasl_username=paramus /var/log/maillog:Nov 10 02:47:54 mrelay3 postfix/smtpd[27776]: 247AB28016: client=unknown[94.242.206.37], sasl_method=LOGIN, sasl_username=paramus /var/log/maillog:Nov 10 02:48:00 mrelay3 postfix/smtpd[27785]: 87DE128016: client=unknown[94.242.206.37], sasl_method=LOG...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I think I found a mistake in the postfix file in /etc/logcheck/ignore.d.server. There is one equal sign to much in this line: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[^[:space:]]+, sasl_method=[[:alnum:]]+, sasl_username==[-_.@[:alnum:]]+$ I think it should be: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[^[:space:]]+, sasl_method=[[:alnum:]]+, sasl_username=[-_.@[:alnum:]]+$ Kind regards, Timo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2....

...> smtpd -v instead of smtpd -- that will hopefully give some more insight. Did that and I think I have a candidate: # grep B8678C1DD078 /var/log/maillog Jan 28 15:35:11 x postfix/smtpd[17752]: input attribute value: B8678C1DD078 Jan 28 15:35:11 x postfix/smtpd[17752]: B8678C1DD078: client=x, sasl_method=LOGIN, sasl_username=x Jan 28 15:35:11 x postfix/cleanup[17755]: B8678C1DD078: message-id=<1535444742.91269.1453991711730.JavaMail.tomcat at x> Jan 28 15:35:11 x postfix/smtpd[17752]: > x: 250 2.0.0 Ok: queued as B8678C1DD078 Jan 28 15:35:11 x postfix/qmgr[17622]: B8678C1DD078: from=<...

Hi all, topology: java/tomcat app mailing to the outside via a C7 postfix relay server. problem: java app submits mail to postfix but there is _nothing_ logged in the postfix maillog. This happen for 2/3 of all mail submitted. We cannot see any trace of this submitted mail either incoming/stored/outgoing. Log from java app (shortened): DEBUG: getProvider() returning

...lt;webserver ip>]: SASL DIGEST-MD5 authentication failed: Connection lost to authentication server > Jul 21 14:25:29 mail dovecot: auth-worker(27595): mysql(127.0.0.1): Connected to database mail > Jul 21 14:25:29 mail postfix/smtpd[27590]: D4D8E44752: client=unknown[<webserver ip>], sasl_method=CRAM-MD5, sasl_username=<existing account and working account> > Jul 21 14:25:29 mail postfix/cleanup[27598]: D4D8E44752: message-id=<id at doma.in> > Jul 21 14:25:29 mail postfix/qmgr[13349]: D4D8E44752: from=<server at doma.in>, size=2680, nrcpt=1 (queue active) > Jul 2...

...op3_client_workarounds = outlook-no-nuls oe-ns-eoh login_process_size = 64 namespace private { separator = . prefix = INBOX. inbox = yes } And here's the mail.log from a test message that I sent out: Mar 16 09:52:46 byron postfix/smtpd[24082]: C75E84F006D: client=unknown[xxx.xx.xxx.xx], sasl_method=LOGIN, sasl_username=kat at amtpolitics.com Mar 16 09:52:46 byron postfix/cleanup[24085]: C75E84F006D: message-id=<46497375E9264D2BA3BFB31BE37918BC at Kat> Mar 16 09:52:46 byron postfix/qmgr[19409]: C75E84F006D: from=<kat at amtpolitics.com>, size=887, nrcpt=10 (queue active) Mar 16 09:...

...ssword FROM users WHERE userid = 'admin' AND domain = 'asergis.com' Mar 25 16:55:13 mail-server dovecot[2786]: auth: Debug: client passdb out: OK??????? 1??????? user=admin at asergis.com Mar 25 16:55:13 mail-server postfix/smtpd[2872]: 5C63030208: client=unknown[10.254.200.202], sasl_method=PLAIN, sasl_username=admin at asergis.com Mar 25 16:55:13 mail-server postfix/cleanup[2881]: 5C63030208: message-id=<d7706aa7-a2ad-6890-5590-e6f83b5ec3af at asergis.com> Mar 25 16:55:13 mail-server postfix/qmgr[2870]: 5C63030208: from=<admin at asergis.com>, size=622, nrcpt=1 (queue...

...dialin.net[84.179.43.201] Apr 7 19:38:36 delta postfix/smtpd[23037]: TLS connection established from p54B32BC9.dip.t-dialin.net[84.179.43.201]: TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits) Apr 7 19:38:37 delta postfix/smtpd[23037]: NOQUEUE: client=p54B32BC9.dip.t-dialin.net[84.179.43.201], sasl_method=CRAM-MD5, sasl_username=anmeyer at anup.de Apr 7 19:39:01 delta postfix/smtpd[23139]: connect from localhost[127.0.0.1] Apr 7 19:39:01 delta postfix/smtpd[23139]: 9C1BA1B30FB0: client=localhost[127.0.0.1] Apr 7 19:39:01 delta postfix/cleanup[23142]: 9C1BA1B30FB0: message-id=<20130407193818.62...

...CONT#0111#011BQQF/w....M= Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: client in: CONT#0111#011BQQE/w....u Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: client out: OK#0111#011user=myusername Jun 26 17:02:08 SBSMTPNV05 postfix/smtpd[2221]: AE80A80592: client=nvit01b.mydomain.com[10.20.2.0], sasl_method=GSSAPI, sasl_username=myusername Jun 26 17:02:08 SBSMTPNV05 postfix/cleanup[2219]: AE80A80592: message-id=<51CB8100.1010103 at example.com> Jun 26 17:02:08 SBSMTPNV05 postfix/qmgr[1999]: AE80A80592: from=<matthew at example.com>, size=2178, nrcpt=1 (queue active) Jun 26 17:02:08 SBSMTPN...

...Jul 3 20:31:09 kriyayoga dovecot: auth(default): passwd-file(hans,124.108.51.96): lookup: user=hans file=/etc/dovecot/passwd Jul 3 20:31:09 kriyayoga dovecot: auth(default): client out: OK#0111#011user=hans Jul 3 20:31:09 kriyayoga postfix/smtpd[27801]: BC90129D9F: client=unknown[124.108.51.96], sasl_method=PLAIN, sasl_username=hans Jul 3 20:31:10 kriyayoga postfix/cleanup[27807]: BC90129D9F: message-id=<201007032031.07830.hans at kriyayoga.com> Jul 3 20:31:10 kriyayoga postfix/qmgr[14627]: BC90129D9F: from=<hans at kriyayoga.com>, size=1287, nrcpt=2 (queue active) Jul 3 20:31:10 kriyay...

.../lib/dovecot/deliver -d ${recipient} #/var/log/mail.info Feb 19 12:37:51 mail postfix/master[6082]: daemon started -- version 2.3.8, configuration /etc/postfix Feb 19 12:37:58 mail postfix/smtpd[6106]: connect from XXX [XXX] Feb 19 12:37:58 mail postfix/smtpd[6106]: 9D150107C3C4: client=XXX [XXX], sasl_method=LOGIN, sasl_username=username at email.com thats all ...... here are my logs telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 localhost ESMTP Postfix (Debian/GNU) ehlo localhost.com 250-localhost 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-E...

...CONT#0111#011BQQF/w....M= Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: client in: CONT#0111#011BQQE/w....u Jun 26 17:02:08 SBSMTPNV05 dovecot: auth: Debug: client out: OK#0111#011user=myusername Jun 26 17:02:08 SBSMTPNV05 postfix/smtpd[2221]: AE80A80592: client=nvit01b.mydomain.com[10.20.2.0], sasl_method=GSSAPI, sasl_username=myusername Jun 26 17:02:08 SBSMTPNV05 postfix/cleanup[2219]: AE80A80592: message-id=<51CB8100.1010103 at example.com> Jun 26 17:02:08 SBSMTPNV05 postfix/qmgr[1999]: AE80A80592: from=<matthew at example.com>, size=2178, nrcpt=1 (queue active) Jun 26 17:02:08 SBSMTPN...

...21 16:39:07 myserver postfix/smtpd[18189]: vstream_buf_get_ready: fd 15 got 45 Oct 21 16:39:07 myserver postfix/smtpd[18189]: < mycomp.myserver.net[10.11.12.5]: AUTH PLAIN ********************************************= Oct 21 16:39:07 myserver postfix/smtpd[18189]: xsasl_dovecot_server_first: sasl_method PLAIN, init_response **************************************== Oct 21 16:39:07 myserver postfix/smtpd[18189]: vstream_fflush_some: fd 16 flush 64 Oct 21 16:39:07 myserver postfix/smtpd[18189]: vstream_buf_get_ready: fd 16 got 58 Oct 21 16:39:07 myserver postfix/smtpd[18189]: xsasl_dovecot_handle_r...

...admin' AND >> domain = 'asergis.com' >> Mar 25 16:55:13 mail-server dovecot[2786]: auth: Debug: client passdb >> out: OK??????? 1 user=admin at asergis.com >> Mar 25 16:55:13 mail-server postfix/smtpd[2872]: 5C63030208: >> client=unknown[10.254.200.202], sasl_method=PLAIN, >> sasl_username=admin at asergis.com >> Mar 25 16:55:13 mail-server postfix/cleanup[2881]: 5C63030208: >> message-id=<d7706aa7-a2ad-6890-5590-e6f83b5ec3af at asergis.com> >> Mar 25 16:55:13 mail-server postfix/qmgr[2870]: 5C63030208: >> from=<admin...

...o solve the previous UID issue, i went the full LMTP route. however, i seem to be having problems with the prefetch userdb (i'm trying to minimize load on the LDAP server). namely, the log says: Aug? 2 00:15:35 rhyno postfix/submission/smtpd[21158]: 5EEF35C05C5: client=localhost[127.0.0.1], sasl_method=login, sasl_username=aik Aug? 2 00:15:40 rhyno postfix/cleanup[22201]: 5EEF35C05C5: message-id=<20180801221535.5EEF35C05C5 at beach.rhyno.tech> Aug? 2 00:15:40 rhyno postfix/qmgr[17437]: 5EEF35C05C5: from=<pdx at pdx.hu>, size=295, nrcpt=1 (queue active) Aug? 2 00:15:40 rhyno dovecot:...

Yes, I have tried these exact same settings, with the exception that we DO have a certificate so we don?t have to confirm certificate. Jeff > On Jun 1, 2015, at 9:19 PM, voytek at sbt.net.au wrote: > > On Tue, June 2, 2015 9:27 am, SH Development wrote: >> Dovecot 2.0.9 >> >> >> I am able to connect successfully with Thunderbird, Win 8, Apple Mail, >>

...:days 1 :subject "Aus?ncia: ${subject}" text: Ol?! Estou em treinamento externo durante o per?odo de 21 a 25 de junho. Att, . ; } mail.log: Jun 18 10:07:02 netuno postfix/smtpd[10722]: 6372A16073: client=mic-062.a1.ind.br[192.168.0.4], sasl_method=PLAIN, sasl_username=marcio.merlone Jun 18 10:07:02 netuno postfix/cleanup[10724]: 6372A16073: message-id=<4C1B6F7A.6000703 at a1.ind.br> Jun 18 10:07:02 netuno postfix/qmgr[4964]: 6372A16073: from=<marcio.merlone at a1.ind.br>, size=888, nrcpt=1 (queue active) Jun 18 10:07:02 netuno...

Package: logcheck-database Version: 1.3.13 Severity: normal Tags: patch Hi, after examining the code for postfix/smtpd, the following parameters for that specific log line can be present: client, sasl_method, sasl_username, sasl_sender, orig_queue_id, orig_client "client" is always present, the others are added where applicable, but always in the order explained above. There have been three different regexps, which can be covered in one. Please see the attached patch file for details. Best...