Our james-server.log file today is showing lots of these: INFO 19:50:30,910 | james.smtpserver | ID=11635173 Connection established from 218.87.219.86 (218.87.219.86) ERROR 19:50:33,252 | james.smtpserver | ID=11635173 AUTH method LOGIN failed INFO 19:50:34,265 | james.smtpserver | ID=11635173 Connection closed for 218.87.219.86 (218.87.219.86)
I'm assuming this is a bad actor trying to use our James server as an open relay. The annoying part is that we have log4j configured to send us emails on any ERROR logs, so we're notified if our mailets throw exceptions. I'm getting one of these emails every 10 secs or so. Is there a way to either: 1) reduce log level of "AUTH method LOGIN failed" to WARN? should this really even be at the ERROR level to begin with? 2) Ignore all traffic from 218.87.219.86 Thanks, Zach --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
