View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions Getting alot of messages in syslog SASL Auth Postfix
Log in to Ask a Question

Getting alot of messages in syslog SASL Auth Postfix

email

I recently started getting the following error. Do I have to do anything or is this just an attempt to use my postcix to send spam?

Dec 31 13:05:38 serviidb postfix/smtpd[17618]: connect from unknown[50.34.240.12]
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: unknown[50.34.240.12]: SASL LOGIN authentication failed: authentication failure
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: unknown[50.34.240.12]: SASL LOGIN authentication failed: authentication failure
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: unknown[50.34.240.12]: SASL LOGIN authentication failed: authentication failure
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: unknown[50.34.240.12]: SASL LOGIN authentication failed: authentication failure
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 31 13:05:39 serviidb postfix/smtpd[17618]: warning: unknown[50.34.240.12]: SASL LOGIN authentication failed: authentication failure

I found a post that mentioned fail2ban as a possible solution to this? Has anyone used fail2ban? I mainly running a Drupal 7 site so will fail2ban affect it?

2 Replies

Enable the SASL filter in fail2ban and that should work. This is the default regex in Ubuntu 12.10:

failregex = (?i): warning: [-._\w]+\[<host>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$</host>

Ok, I am in the middle of a 10.04 => 12.04 ubuntu upgrade. Once I get everything back up and running correctly. I will install fail2ban.

Thanks for the help.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct