Re: SMTP Auth Spam Mail Attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Am 05.10.2013 18:19, schrieb Paul Shuttleworth:
> Has anyone any idea how they can be authenticating against SMTP auth with
> a username that does not exist on the server ?
> 
> Any pointers towards next steps appreciated, as I am running out of ideas
> to try and lock this server down.
> 
> 
> Cheers
> 
> Paul.

Hi Paul,

you will have to show your Sendmail SMTP AUTH configuration together
with all bits set for Cyrus SASL.

Baseline is, there is or has been a user "jon" usable for SMTP AUTH as
you have shown by the log entry:

Oct  5 15:17:53 www sendmail[6972]: AUTH=server,
relay=pppoe9.net109-120-27.se1.omkc.ru [109.120.27.9] (may be forged),
authid=jon, mech=LOGIN, bits=0

Alexander

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux