Guten Abend zusammen,
seit heute morgen habe ich einige versuchte logins auf meinem Mailserver
Fail2Ban:
2014-06-20 09:01:20,915 fail2ban.actions: WARNING [sasl] Ban 50.194.34.29
2014-06-20 09:11:21,677 fail2ban.actions: WARNING [sasl] Unban 50.194.34.29
2014-06-20 09:29:20,858 fail2ban.actions: WARNING [sasl] Ban 62.251.210.2
2014-06-20 09:39:21,519 fail2ban.actions: WARNING [sasl] Unban 62.251.210.2
2014-06-20 09:57:26,724 fail2ban.actions: WARNING [sasl] Ban 105.237.63.214
2014-06-20 10:07:27,393 fail2ban.actions: WARNING [sasl] Unban 105.237.63.214
2014-06-20 10:25:13,585 fail2ban.actions: WARNING [sasl] Ban 14.23.148.42
2014-06-20 10:35:14,272 fail2ban.actions: WARNING [sasl] Unban 14.23.148.42
2014-06-20 10:52:52,429 fail2ban.actions: WARNING [sasl] Ban 83.19.218.50
2014-06-20 11:02:53,089 fail2ban.actions: WARNING [sasl] Unban 83.19.218.50
2014-06-20 11:06:16,314 fail2ban.actions: WARNING [sasl] Ban 71.170.118.15
2014-06-20 11:16:16,940 fail2ban.actions: WARNING [sasl] Unban 71.170.118.15
2014-06-20 11:33:55,091 fail2ban.actions: WARNING [sasl] Ban 77.42.246.238
2014-06-20 11:43:55,686 fail2ban.actions: WARNING [sasl] Unban 77.42.246.238
2014-06-20 13:08:49,406 fail2ban.actions: WARNING [sasl] Ban 186.215.174.252
2014-06-20 13:18:50,092 fail2ban.actions: WARNING [sasl] Unban 186.215.174.252
2014-06-20 13:34:58,183 fail2ban.actions: WARNING [sasl] Ban 190.116.62.70
2014-06-20 13:44:58,862 fail2ban.actions: WARNING [sasl] Unban 190.116.62.70
Mich würde nun interessieren mit welchem Nutzernamen dort versucht wird sich einzulogen. Gibt es eine Möglichkeit diese anzeigen zu lassen?
Die mail.log zeigt z.B.
Jun 21 00:14:38 server1 postfix/smtpd[26465]: warning: unknown[178.19.99.103]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun 21 00:14:38 server1 postfix/smtpd[26465]: disconnect from unknown[178.19.99.103]
Vielen Dank
Gruß Stefan
seit heute morgen habe ich einige versuchte logins auf meinem Mailserver
Fail2Ban:
2014-06-20 09:01:20,915 fail2ban.actions: WARNING [sasl] Ban 50.194.34.29
2014-06-20 09:11:21,677 fail2ban.actions: WARNING [sasl] Unban 50.194.34.29
2014-06-20 09:29:20,858 fail2ban.actions: WARNING [sasl] Ban 62.251.210.2
2014-06-20 09:39:21,519 fail2ban.actions: WARNING [sasl] Unban 62.251.210.2
2014-06-20 09:57:26,724 fail2ban.actions: WARNING [sasl] Ban 105.237.63.214
2014-06-20 10:07:27,393 fail2ban.actions: WARNING [sasl] Unban 105.237.63.214
2014-06-20 10:25:13,585 fail2ban.actions: WARNING [sasl] Ban 14.23.148.42
2014-06-20 10:35:14,272 fail2ban.actions: WARNING [sasl] Unban 14.23.148.42
2014-06-20 10:52:52,429 fail2ban.actions: WARNING [sasl] Ban 83.19.218.50
2014-06-20 11:02:53,089 fail2ban.actions: WARNING [sasl] Unban 83.19.218.50
2014-06-20 11:06:16,314 fail2ban.actions: WARNING [sasl] Ban 71.170.118.15
2014-06-20 11:16:16,940 fail2ban.actions: WARNING [sasl] Unban 71.170.118.15
2014-06-20 11:33:55,091 fail2ban.actions: WARNING [sasl] Ban 77.42.246.238
2014-06-20 11:43:55,686 fail2ban.actions: WARNING [sasl] Unban 77.42.246.238
2014-06-20 13:08:49,406 fail2ban.actions: WARNING [sasl] Ban 186.215.174.252
2014-06-20 13:18:50,092 fail2ban.actions: WARNING [sasl] Unban 186.215.174.252
2014-06-20 13:34:58,183 fail2ban.actions: WARNING [sasl] Ban 190.116.62.70
2014-06-20 13:44:58,862 fail2ban.actions: WARNING [sasl] Unban 190.116.62.70
Mich würde nun interessieren mit welchem Nutzernamen dort versucht wird sich einzulogen. Gibt es eine Möglichkeit diese anzeigen zu lassen?
Die mail.log zeigt z.B.
Jun 21 00:14:38 server1 postfix/smtpd[26465]: warning: unknown[178.19.99.103]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun 21 00:14:38 server1 postfix/smtpd[26465]: disconnect from unknown[178.19.99.103]
Vielen Dank
Gruß Stefan