>All of these entries are using the LOGIN mech.  Unless you have an
>extremely old outlook express MUA (or similar) you xan and should be
>using the PLAIN mech.  You can eliminate all of the above attacks by
>removing LOGIN from the list of mechs you accept.

Peter:

I too see a lot of these so I went to try your solution.  I edited 
/etc/sasl2/smtpd.conf  
It now contains:

pwcheck_method: saslauthd
#mech_list: plain login
mech_list: plain

Restarted postfix and dovecot.

But now I notice I have both LOGIN and PLAIN failures, the change I made didn't 
have any effect that I can see.  
May 22 18:40:18 tn2 postfix-submission/smtpd[6125]: warning: 
unknown[218.67.123.202]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 22 18:40:31 tn2 postfix-submission/smtpd[6063]: warning: 
unknown[60.212.0.13]: SASL PLAIN authentication failed:
May 22 18:40:51 tn2 postfix-submission/smtpd[6126]: warning: 
unknown[41.207.248.204]: SASL PLAIN authentication failed:
May 22 18:41:25 tn2 postfix-submission/smtpd[6125]: warning: 
unknown[109.195.69.156]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 22 18:41:41 tn2 postfix-submission/smtpd[6063]: warning: 
unknown[175.196.165.155]: SASL LOGIN authentication failed: 

Is there some place else I need to adjust that mechs I accept?  Something else 
I need to restart?

Thanks, Scott



_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to