Am 05.10.2013 18:19, schrieb Paul Shuttleworth: > Has anyone any idea how they can be authenticating against SMTP auth with > a username that does not exist on the server ? > > Any pointers towards next steps appreciated, as I am running out of ideas > to try and lock this server down. > > > Cheers > > Paul. Hi Paul, you will have to show your Sendmail SMTP AUTH configuration together with all bits set for Cyrus SASL. Baseline is, there is or has been a user "jon" usable for SMTP AUTH as you have shown by the log entry: Oct 5 15:17:53 www sendmail[6972]: AUTH=server, relay=pppoe9.net109-120-27.se1.omkc.ru [109.120.27.9] (may be forged), authid=jon, mech=LOGIN, bits=0 Alexander _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
Re: SMTP Auth Spam Mail Attack
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: CentOS mailing list <centos@xxxxxxxxxx>
- Subject: Re: SMTP Auth Spam Mail Attack
- From: Alexander Dalloz <ad+lists@xxxxxxxxx>
- Date: Sat, 05 Oct 2013 21:11:23 +0200
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <8876.62.49.25.18.1380989983.squirrel@www.aqualec.co.uk>
- User-agent: Mozilla/5.0 (Windows NT 5.1; rv:24.0) Gecko/20100101 Thunderbird/24.0
- Follow-Ups:
- Re: SMTP Auth Spam Mail Attack
- From: Paul Shuttleworth
- Re: SMTP Auth Spam Mail Attack
- References:
- SMTP Auth Spam Mail Attack
- From: Paul Shuttleworth
- SMTP Auth Spam Mail Attack
- Prev by Date: Re: Unattended install of CentOS in a VM with given login/password?
- Next by Date: Re: Unattended install of CentOS in a VM with given login/password?
- Previous by thread: SMTP Auth Spam Mail Attack
- Next by thread: Re: SMTP Auth Spam Mail Attack
- Index(es):
 |