[Assp-test] Not All Authentication Errors Logged

Sat, 09 May 2020 02:36:17 -0700 

Hi
I'm using ASSP version 2.6.3 **SPAM-Evaporator**  build 20002  (will upgrade in a moment) and I am occasionally seeing a large number of concurrent authentication attempts in the logs - 


2020-05-08 23:01:27 [Worker_2] 141.98.80.48 info: authentication - login 
is used
2020-05-08 23:01:27 [Worker_3] 141.98.80.48 info: authentication - login 
is used
2020-05-08 23:01:33 [Worker_2] 141.98.80.48 info: authentication - login 
is used
2020-05-08 23:01:33 [Worker_3] 141.98.80.48 info: authentication - login 
is used
2020-05-08 23:01:35 [Worker_4] 141.98.80.48 info: authentication - login 
is used
2020-05-08 23:01:39 [Worker_2] 141.98.80.48 info: authentication - login 
is used
2020-05-08 23:01:39 [Worker_3] 141.98.80.48 info: authentication - login 
is used
2020-05-08 23:01:40 [Worker_4] 141.98.80.48 info: authentication - login 
is used
2020-05-08 23:01:45 [Worker_2] 141.98.80.48 info: authentication - login 
is used
2020-05-08 23:01:45 [Worker_3] 141.98.80.48 info: authentication - login 
is used
2020-05-08 23:01:46 [Worker_4] 141.98.80.48 info: authentication - login 
is used



Which according to my AUTH logs on my mail server are failed login 
attempts, but ASSP isn't reporting them as such.



May  8 23:01:28 loft9371 checksmtppasswd: SMTP connect from 
unknown@localhost [127.0.0.1]
May  8 23:01:28 loft9371 checksmtppasswd: smtpcheckpasswd: FAILED: 
se...@adomain.co.uk
May  8 23:01:28 loft9371 checksmtppasswd: SMTP connect from 
unknown@localhost [127.0.0.1]
May  8 23:01:28 loft9371 checksmtppasswd: smtpcheckpasswd: FAILED: 
se...@adomain.co.uk
May  8 23:01:34 loft9371 checksmtppasswd: SMTP connect from 
unknown@localhost [127.0.0.1]
May  8 23:01:34 loft9371 checksmtppasswd: SMTP connect from 
unknown@localhost [127.0.0.1]
May  8 23:01:34 loft9371 checksmtppasswd: smtpcheckpasswd: FAILED: 
se...@adomain.co.uk
May  8 23:01:34 loft9371 checksmtppasswd: smtpcheckpasswd: FAILED: 
se...@adomain.co.uk


Other failed a AUTHs do get logged -


2020-05-08 23:03:04 [Worker_2] 117.0.8.239 info: authentication - plain 
is used
2020-05-08 23:03:11 [Worker_2] 117.0.8.239 [SMTP Error] 535 
authorization failed (#5.7.0)




Obviously I'd like these auth failures to appear in the ASSP logs and 
the IP addresses to be blocked.


Any idea what they are and how they don't appear in ASSP logs ?



_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test






















					Reply via email to