Getting a lot of messages in syslog SASL Auth Postfix

I recently started getting the following error. Do I have to do anything or is this just an attempt to use my postfix to send spam?

Dec 31 13:05:38 serviidb postfix/smtpd[17618]: connect from unknown[50.34.240.12]
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: unknown[50.34.240.12]: SASL LOGIN authentication failed: authentication failure
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: unknown[50.34.240.12]: SASL LOGIN authentication failed: authentication failure
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: unknown[50.34.240.12]: SASL LOGIN authentication failed: authentication failure
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: unknown[50.34.240.12]: SASL LOGIN authentication failed: authentication failure
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: unknown[50.34.240.12]: SASL LOGIN authentication failed: authentication failure

I found a post that mentioned fail2ban as a possible solution to this? Has anyone used fail2ban? I am mainly running a Drupal 7 site, so will fail2ban affect it?

2 Replies

Enable the SASL filter in fail2ban and that should work. This is the default regex in Ubuntu 12.10:

failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$

Ok, I am in the middle of a 10.04 => 12.04 Ubuntu upgrade. Once I get everything back up and running correctly, I will install fail2ban.

Thanks for the help.
