Thanks heaps Thomas! There was a bit missing in that code - &main:: before the mlog line. Figured it out.
I didn’t bother with the password line, as long as I knew which account it was, I could just change that account’s password. So I made the change at home, drove to work and looked at logs and hardly had to scroll back at all. 20 mins after restarting ASSP there it was: Dec-12-14 09:19:30 [Worker_1] Connected: session:7FDE4BA3C2D0 127.0.0.1:65354 > 127.0.0.1:25 > 127.0.0.1:10026 Dec-12-14 09:19:33 [Worker_1] 127.0.0.1 info: authentication - plain is used Dec-12-14 09:19:33 [Worker_1] 127.0.0.1 info: authentication (PLAIN) realms - foruser:, user:[email protected] Dec-12-14 09:20:01 id-36379-18627 [Worker_1] [RelayAttempt] 127.0.0.1 <[email protected]> to: [email protected] relay attempt blocked for unknown local sender domain Dec-12-14 09:20:01 id-36379-18627 [Worker_1] [RelayAttempt] 127.0.0.1 <[email protected]> to: [email protected] info: server has closed the connection without sending a reply - classify mail as rejected by MTA Dec-12-14 09:20:01 [Worker_1] Finished message - received DATA size: 1.15 kByte - sent DATA size: 0 Byte Dec-12-14 09:20:01 [Worker_1] Disconnected: session:7FDE4BA3C2D0 127.0.0.1 - processing time 31 seconds So I’ve now changed m’s password. (I’ve edited the email address for this post). Will keep monitoring it for a while in case there are any others. Thanks again Thomas. James. > On 12 Dec 2014, at 12:30 am, Thomas Eckardt <[email protected]> > wrote: > >> Is there anyway to get it to show any more authentication info - eg which > username was used? Any debug setting? > > James, add the following lines (case sensitive) to the 'sub set' in the > file 'assp/lib/CorrectASSPcfg.pm' > > $main::AUTHLogUser = 1; # shows the login user > $main::AUTHLogPWD = 1; # shows the password > mlog(0,"info: AUTH logging is now enabled"); > > and restart ASSP > > > James be carefull!!! Setting 'AUTHLogPWD' to 1 - ASSP will log the > passwords (for PLAIN and LOGIN) to the maillog.txt in clear text !!!! > If you don't really need to know the password, remove the password line or > set AUTHLogPWD to zero! > > - Protect the log files > - remove (comment out) these lines if the problem is solved > - remove the password lines from the maillog.txt files > > This feature is hidden and undocumented in V2 for security reasons - YOU > ARE WARNED ! > > Thomas > > > > Von: James Brown <[email protected]> > An: ASSP development mailing list <[email protected]> > Datum: 11.12.2014 14:10 > Betreff: Re: [Assp-test] I'm sending messages from Yahoo? > > > > >> On 11 Dec 2014, at 8:48 pm, Doug Lytle <[email protected]> wrote: >> >> James Brown wrote: >>> Dec-11-14 10:23:53 [Worker_2] Connected: session:7FAD1B6519F8 > 127.0.0.1:51769 > 127.0.0.1:25 > 127.0.0.1:10026 >>> Dec-11-14 10:23:56 [Worker_2] 127.0.0.1 info: authentication - plain is > used >> >> You've got a compromised account on your system. The sender > authenticated. >> >> A failed authentication would be similar to the below: >> >> 07-12-2014 05:15:00 [Worker_1] Connected: session:7F3F0DB2AF98 >> 5.189.129.101:61808 > 10.10.10.247:587 > 10.10.10.250:25 >> 07-12-2014 05:15:01 [Worker_1] 5.189.129.101 info: got STARTTLS request >> from 5.189.129.101 >> 07-12-2014 05:15:01 [Worker_1] [TLS-in] [TLS-out] 5.189.129.101 info: >> authentication - plain is used >> 07-12-2014 05:15:02 [Worker_1] [TLS-in] [TLS-out] 5.189.129.101 warning: > >> SMTP authentication failed on 10.10.10.250 > > Thanks Doug. > > Is there anyway to get it to show any more authentication info - eg which > username was used? Any debug setting? > > Regards, > > James. > > > ------------------------------------------------------------------------------ > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server > from Actuate! Instantly Supercharge Your Business Reports and Dashboards > with Interactivity, Sharing, Native Excel Exports, App Integration & more > Get technology previously reserved for billion-dollar corporations, FREE > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > > _______________________________________________ > Assp-test mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > ------------------------------------------------------------------------------ > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server > from Actuate! Instantly Supercharge Your Business Reports and Dashboards > with Interactivity, Sharing, Native Excel Exports, App Integration & more > Get technology previously reserved for billion-dollar corporations, FREE > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > _______________________________________________ > Assp-test mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/assp-test ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
