Linode Forum
https://forum.linode.com/

Getting a lot of messages in syslog SASL Auth Postfix
https://forum.linode.com/viewtopic.php?f=11&t=9666

Author:  moltra [ Mon Dec 31, 2012 2:16 pm ]
Post subject:  Getting a lot of messages in syslog SASL Auth Postfix

I recently started getting the following error. Do I have to do anything, or is this just an attempt to use my Postfix to send spam?


Code:
Dec 31 13:05:38 serviidb postfix/smtpd[17618]: connect from unknown[50.34.240.12]
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: unknown[50.34.240.12]: SASL LOGIN authentication failed: authentication failure
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: unknown[50.34.240.12]: SASL LOGIN authentication failed: authentication failure
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: unknown[50.34.240.12]: SASL LOGIN authentication failed: authentication failure
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: unknown[50.34.240.12]: SASL LOGIN authentication failed: authentication failure
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: unknown[50.34.240.12]: SASL LOGIN authentication failed: authentication failure


I found a post that mentioned fail2ban as a possible solution to this. Has anyone used fail2ban? I am mainly running a Drupal 7 site, so will fail2ban affect it?

Author:  iml [ Fri Jan 04, 2013 6:36 pm ]
Post subject:  Re: Getting a lot of messages in syslog SASL Auth Postfix

Enable the SASL filter in fail2ban and that should work. This is the default regex in Ubuntu 12.10:

Code:
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
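
Added example, not part of the original posts and not fail2ban's own code: it runs the failregex quoted above over log lines like those in the first post and reports which source addresses would cross a ban threshold. The IPv4-only `<HOST>` substitution, the year 2012, the `maxretry`/`findtime` values and the 192.0.2.x / 198.51.100.x lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# failregex exactly as quoted in the thread
FAILREGEX = (r"(?i): warning: [-._\w]+\[<HOST>\]: SASL "
             r"(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed"
             r"(: [ A-Za-z0-9+/]*={0,2})?\s*$")
# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))

# First five lines are copied from the thread's log; the last five are constructed
SAMPLE_LOG = """\
Dec 31 13:05:38 serviidb postfix/smtpd[17618]: connect from unknown[50.34.240.12]
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: unknown[50.34.240.12]: SASL LOGIN authentication failed: authentication failure
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: unknown[50.34.240.12]: SASL LOGIN authentication failed: authentication failure
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: unknown[50.34.240.12]: SASL LOGIN authentication failed: authentication failure
Dec 31 13:07:02 serviidb postfix/smtpd[17702]: warning: unknown[192.0.2.7]: SASL PLAIN authentication failed: UGFzc3dvcmQ6
Dec 31 13:07:05 serviidb postfix/smtpd[17702]: warning: unknown[192.0.2.7]: SASL CRAM-MD5 authentication failed: authentication failure
Dec 31 14:00:00 serviidb postfix/smtpd[17810]: warning: unknown[198.51.100.9]: SASL LOGIN authentication failed: authentication failure
Dec 31 14:06:00 serviidb postfix/smtpd[17811]: warning: unknown[198.51.100.9]: SASL LOGIN authentication failed: authentication failure
Dec 31 14:12:00 serviidb postfix/smtpd[17812]: warning: unknown[198.51.100.9]: SASL LOGIN authentication failed: authentication failure
"""

def failures(log_text):
    """Yield (timestamp, host) for each line the failregex matches."""
    for line in log_text.splitlines():
        m = PATTERN.search(line)
        if m:
            # syslog omits the year; 2012 is assumed from the post date
            ts = datetime.strptime("2012 " + line[:15], "%Y %b %d %H:%M:%S")
            yield ts, m.group("host")

def hosts_to_ban(log_text, maxretry=3, findtime=600):
    """Hosts with at least maxretry failures inside a findtime-second window."""
    seen, banned = defaultdict(list), set()
    for ts, host in failures(log_text):
        window = [t for t in seen[host] if ts - t <= timedelta(seconds=findtime)]
        window.append(ts)
        seen[host] = window
        if len(window) >= maxretry:
            banned.add(host)
    return banned

if __name__ == "__main__":
    print(sorted(hosts_to_ban(SAMPLE_LOG)))
```

The `/etc/sasldb2` warnings and the `connect from` line do not match the filter, so only the `authentication failed` lines count toward a ban.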

Author:  moltra [ Sat Jan 05, 2013 2:22 pm ]
Post subject:  Re: Getting a lot of messages in syslog SASL Auth Postfix

OK, I am in the middle of a 10.04 => 12.04 Ubuntu upgrade. Once I get everything back up and running correctly, I will install fail2ban.

Thanks for the help.

All times are UTC-04:00