Serious Security Logging Issue

David Cary Hart Fedora at TQMcube.com
Fri Mar 11 17:27:11 UTC 2005


We're apparently getting hit with a large number of attempts to get into
mailboxes (partial sample listing):
--------------------------------------------------------------------
        Mar 11 11:56:32 smtp dovecot(pam_unix)[15314]: authentication
        failure; logname= uid=0 euid=0 tty= ruser= rhost= 
        Mar 11 12:01:01 smtp crond(pam_unix)[15320]: session opened for
        user root by (uid=0)
        Mar 11 12:01:01 smtp crond(pam_unix)[15320]: session closed for
        user root
        Mar 11 12:04:06 smtp dovecot(pam_unix)[15322]: check pass; user
        unknown
        Mar 11 12:04:06 smtp dovecot(pam_unix)[15322]: authentication
        failure; logname= uid=0 euid=0 tty= ruser= rhost= 
        Mar 11 12:05:06 smtp dovecot(pam_unix)[15324]: check pass; user
        unknown
        Mar 11 12:05:06 smtp dovecot(pam_unix)[15324]: authentication
        failure; logname= uid=0 euid=0 tty= ruser= rhost= 
        Mar 11 12:05:26 smtp dovecot(pam_unix)[15326]: check pass; user
        unknown
        Mar 11 12:05:26 smtp dovecot(pam_unix)[15326]: authentication
        failure; 
        
Nowhere can I find a client IP listing. These are not logged to secure
nor maillog. I just started logging 110 in iptables. Is that my only
option? Have I missed something?

-- 
Total Quality Management - A Commitment to Excellence
Fight Spam: http://www.tqmcube.com/rbldnsd.htm
Real Time Updates: rsync -t \
tqmcube.com::spamlists/[README.htm][clients][dynamic][relays][asiaspam]
http://www.tqmcube.com/spam_trap.htm
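
One way to put a source address on each failure using the port 110 iptables logging mentioned in the post, shown as an added example that is not part of the original message: pair every dovecot pam_unix failure that has an empty rhost= with the POP3 connection logged shortly before it. The "POP3: " LOG prefix, the addresses, the unwrapped one-entry-per-line input and the 10-second window are all assumptions, and the sample log is constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: pam_unix failures in the format shown in the post, plus
# trimmed iptables LOG lines for TCP/110 (prefix "POP3: " and addresses are assumed).
SAMPLE = """\
Mar 11 12:04:04 smtp kernel: POP3: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=110 SYN
Mar 11 12:04:06 smtp dovecot(pam_unix)[15322]: check pass; user unknown
Mar 11 12:04:06 smtp dovecot(pam_unix)[15322]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Mar 11 12:05:05 smtp kernel: POP3: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51800 DPT=110 SYN
Mar 11 12:05:06 smtp dovecot(pam_unix)[15324]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Mar 11 12:30:00 smtp dovecot(pam_unix)[15400]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
"""

TS = r"(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d)"
FAIL = re.compile(TS + r" \S+ dovecot\(pam_unix\)\[(?P<pid>\d+)\]: "
                  r"authentication failure;(?P<rest>.*)")
CONN = re.compile(TS + r" \S+ kernel: .*\bSRC=(?P<src>\S+) .*\bDPT=110\b")
RHOST = re.compile(r"rhost=(\S+)")

def parse_ts(ts, year):
    # Syslog timestamps carry no year, so the caller supplies one.
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def correlate(log_text, window=timedelta(seconds=10), year=2005):
    """Return [(timestamp, pid, source)] for each dovecot pam_unix failure."""
    conns, results = [], []
    for line in log_text.splitlines():
        if m := CONN.match(line):
            conns.append((parse_ts(m["ts"], year), m["src"]))
        elif m := FAIL.match(line):
            when = parse_ts(m["ts"], year)
            rhost = RHOST.search(m["rest"])
            if rhost:  # PAM recorded the client itself, no guessing needed
                source = rhost.group(1)
            else:
                # Distinct sources that connected within the window before the failure
                near = {s for t, s in conns if timedelta(0) <= when - t <= window}
                source = near.pop() if len(near) == 1 else ("ambiguous" if near else "unknown")
            results.append((m["ts"], int(m["pid"]), source))
    return results

if __name__ == "__main__":
    for row in correlate(SAMPLE):
        print(*row)
```

Time-window matching is a heuristic: when more than one client connects inside the window the failure is reported as "ambiguous" rather than attributed to either address.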
                



