2022-03-05
SMTP auth bruteforce attacks seen
In checking recent logs I noticed several tries to find SMTP authentication credentials. Most notable is that anything that vaguely resembles something that might be an SMTP account is tried, including plussed e-mail addresses and information from SIP URLs.
Mar 5 14:12:09 gosper saslauthd[16336]: : auth failure: [user=8006] [service=smtp] [realm=idefix.net] [mech=pam] [reason=PAM auth error]
Mar 5 17:15:00 gosper saslauthd[16339]: : auth failure: [user=koos+web] [service=smtp] [realm=idefix.net] [mech=pam] [reason=PAM auth error]
Mar 5 18:08:04 gosper saslauthd[16339]: : auth failure: [user=belspel] [service=smtp] [realm=idefix.net] [mech=pam] [reason=PAM auth error]
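
A summarizer for saslauthd failure lines in the format quoted above, added here as an example and not part of the original post. The function names and the username classes are hypothetical, and treating an all-digit name as SIP-derived is an assumption.

```python
import re
from collections import Counter

# Line layout as quoted in the post: syslog prefix, then [key=value] fields.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssaslauthd\[\d+\]:\s"
    r".*?auth failure:\s(?P<fields>(?:\[[^\]]*\]\s*)+)$"
)
FIELD_RE = re.compile(r"\[(\w+)=([^\]]*)\]")

# The three log lines from the post, used as sample input.
SAMPLE = [
    "Mar 5 14:12:09 gosper saslauthd[16336]: : auth failure: [user=8006] [service=smtp] [realm=idefix.net] [mech=pam] [reason=PAM auth error]",
    "Mar 5 17:15:00 gosper saslauthd[16339]: : auth failure: [user=koos+web] [service=smtp] [realm=idefix.net] [mech=pam] [reason=PAM auth error]",
    "Mar 5 18:08:04 gosper saslauthd[16339]: : auth failure: [user=belspel] [service=smtp] [realm=idefix.net] [mech=pam] [reason=PAM auth error]",
]

def parse_failure(line):
    """Return a dict of fields for a saslauthd auth-failure line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = dict(FIELD_RE.findall(m.group("fields")))
    rec.update(ts=m.group("ts"), host=m.group("host"))
    return rec

def classify_user(user):
    """Hypothetical buckets for the kinds of guessed names the post mentions."""
    if user.isdigit():
        return "numeric"        # assumption: looks like a SIP extension
    if "+" in user:
        return "plus-address"   # plussed e-mail local part
    return "plain"

def summarize(lines, service="smtp"):
    """Count failures per (user, realm) and per username class for one service."""
    per_user, per_class = Counter(), Counter()
    for line in lines:
        rec = parse_failure(line)
        if rec is None or rec.get("service") != service or "user" not in rec:
            continue
        per_user[(rec["user"], rec.get("realm", ""))] += 1
        per_class[classify_user(rec["user"])] += 1
    return per_user, per_class

if __name__ == "__main__":
    users, classes = summarize(SAMPLE)
    print(users.most_common(), dict(classes))
```

These saslauthd lines carry no client address, so the counts are per attempted account; tying attempts to a source requires correlating timestamps with the mail server's own log.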