Serious Security Logging Issue

We're apparently getting hit with a large number of attempts to get into
mailboxes (partial sample listing):
--------------------------------------------------------------------
        Mar 11 11:56:32 smtp dovecot(pam_unix)[15314]: authentication
        failure; logname= uid=0 euid=0 tty= ruser= rhost= 
        Mar 11 12:01:01 smtp crond(pam_unix)[15320]: session opened for
        user root by (uid=0)
        Mar 11 12:01:01 smtp crond(pam_unix)[15320]: session closed for
        user root
        Mar 11 12:04:06 smtp dovecot(pam_unix)[15322]: check pass; user
        unknown
        Mar 11 12:04:06 smtp dovecot(pam_unix)[15322]: authentication
        failure; logname= uid=0 euid=0 tty= ruser= rhost= 
        Mar 11 12:05:06 smtp dovecot(pam_unix)[15324]: check pass; user
        unknown
        Mar 11 12:05:06 smtp dovecot(pam_unix)[15324]: authentication
        failure; logname= uid=0 euid=0 tty= ruser= rhost= 
        Mar 11 12:05:26 smtp dovecot(pam_unix)[15326]: check pass; user
        unknown
        Mar 11 12:05:26 smtp dovecot(pam_unix)[15326]: authentication
        failure; 
        
Nowhere can I find a client IP listing. These are not logged to secure
nor maillog. I just started logging 110 in iptables. Is that my only
option? Have I missed something?

-- 
Total Quality Management - A Commitment to Excellence
Fight Spam: http://www.tqmcube.com/rbldnsd.htm
Real Time Updates: rsync -t \
tqmcube.com::spamlists/[README.htm][clients][dynamic][relays][asiaspam]
http://www.tqmcube.com/spam_trap.htm