Jump to content
Sign in to follow this  
bonzer1

VPS ed email

Recommended Posts

Il colpevole potrebbe essere questo:

 

Sep 2 19:07:10 NOSTROSERVER-1 postfix/smtpd[29718]: connect from unknown[185.11.144.155]

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: listen=6, status=5, dbpath='/var/spool/postfix/plesk/passwd.db', keypath='/var/spool/postfix/plesk/passwd_db_key', chroot=0, unprivileged=1

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: privileges set to (89:89) (effective 89:89)

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: main cycle started

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: main cycle iteration

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: activity on 1 channel(s)

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: new client (fd=10) registered

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: main cycle iteration

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: activity on 1 channel(s)

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: some read activity on client 10

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: read(10, &buf, 2)=2

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: processing client data chunk [state=0]

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: read(10, &buf, 4)=4

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: processing client data chunk [state=1]

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: read(10, &buf, 2)=2

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: processing client data chunk [state=2]

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: read(10, &buf, 7)=7

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: processing client data chunk [state=3]

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: read(10, &buf, 2)=2

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: processing client data chunk [state=4]

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: read(10, &buf, 4)=4

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: processing client data chunk [state=5]

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: read(10, &buf, 2)=2

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: processing client data chunk [state=6]

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: read(10, &buf, 16)=16

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: processing client data chunk [state=7]

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: No such user 'shop@ip-91-121-161.eu' in mail authorization database

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: failed mail authenticatication attempt for user 'shop@ip-91-121-161.eu' (password len=8)

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: main cycle iteration

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: activity on 1 channel(s)

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: some write activity on client 10

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: attempt to write(10, &buf, 4)

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: client 10 processed

Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: main cycle iteration

Sep 2 19:07:10 NOSTROSERVER-1 postfix/smtpd[29718]: warning: unknown[185.11.144.155]: SASL LOGIN authentication failed: authentication failure

Sep 2 19:07:11 NOSTROSERVER-1 postfix/smtpd[29718]: lost connection after AUTH from unknown[185.11.144.155]

Sep 2 19:07:11 NOSTROSERVER-1 postfix/smtpd[29718]: disconnect from unknown[185.11.144.155]

 

 

Chi mi aiuta ad interpretare queste righe di log? Grazie

Share this post


Link to post
Share on other sites

Ciao DanyXP,

 

la riga "Sep 2 19:07:10 NOSTROSERVER-1 plesk_saslauthd[2094]: No such user 'shop@ip-91-121-161.eu' in mail authorization database" indica che si è tentato l'accesso come "shop@ip-91-121-161.eu" e il sistema ha risposto "No such user" ovvero che quell'utente non esiste.

 

Il log "Sep 2 19:07:10 NOSTROSERVER-1 postfix/smtpd[29718]: warning: unknown[185.11.144.155]: SASL LOGIN authentication failed: authentication failure" è una conseguenza del tentativo precedente, in cui il client con IP 185.11.144.155 ha provato a loggarsi con credenziali errate, utilizzando come metodo di autenticazione SASL di Postfix che è il tuo MTA.

 

Consiglio: installa fail2ban e vivi sereno. :)

 

Bye!

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×