On 03/03/11, Sam Varshavchik wrote:
> > authdaemond: received auth request, service=esmtp, authtype=login
> > authdaemond: received auth request from 12.34.56.78, service=esmtp,
> > authtype=login
>
> This is logged by authdaemond.
>
> This requires a non-trivial amount of work, since authdaemond knows
> little about who's on the other end of the local socket.
Right, I suspected as much.
> The protocol with the authdaemon client needs to change so that
> authdaemon can pass its environment variables to authdaemond.
We just had 2 accounts compromised and used for sending out a ton of
spam, one I found because an irate recipient sent back a complaint
which included the headers and the AUTH: LOGIN details. The other one
I just guessed by looking at some of the previous authdaemonrc DEBUG_LOGIN=1
details. In both cases I already have identified the incoming IP of
the culprit so matching that against authdaemond: debugging would have
saved 1000s of spams being sent out. I've already blocked the IP at
this stage but the spammer can just hop on another machine with a
different IP and start sending to the same compromised account which
I can only guess at.
Perhaps something to consider if and when you next look at authdaemond.
***
FWIW for future googling of the list archives, I found this useful...
alias failedlogin='grep '\''LOGIN FAILED, user='\'' /var/log/mail/mail.log | awk -F'\''user='\'' '\''{print $2}'\'' | awk -F, '\''{print $1}'\'' | sort | uniq -c | sort -nr'
Oh... and this one saves my butt quite often (like 90K spams yesterday)...
~ cat /usr/bin/cancelmailq
#!/bin/bash
# Cancel every queued message whose mailq entry matches the given address,
# or, with "daemon", the bounces generated locally.
[ -z "$1" ] && echo "Usage: cancelmailq user@domain|daemon" && exit 1
# this will pick up bounces from daemon
#"daemon $"
# grep -B1 keeps the line before each match so the queue ID line is included;
# sed turns each queue ID into a "cancelmsg <id>" command that is fed to sh
if [ "$1" = "daemon" ]; then
    mailq | grep -B1 'daemon $' | sed -n 's/.*\(........\.........\.........\).*/cancelmsg \1/p' | sh
else
    mailq | grep -B1 "$1" | sed -n 's/.*\(........\.........\.........\).*/cancelmsg \1/p' | sh
fi
courier flush
--markc
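An added example, not part of markc's post: the failedlogin alias above written as a POSIX-shell function that takes the log path and a minimum count, so it can be run from cron and only report accounts over a threshold. The "LOGIN FAILED, user=" lines are the format the alias greps for; the sample log below is constructed, not real traffic, and the imapd/ip= decoration on those lines is an assumption.

```shell
# Report failed logins per user from a Courier-style mail log.
# $1 = log file, $2 = only list users with at least this many failures (default 1)
failed_logins() {
    log="$1"
    min="${2:-1}"
    # One awk pass: take the value after "user=", drop anything from the next
    # comma on, count per user; then sort by count (highest first), then name.
    awk -v min="$min" '
        /LOGIN FAILED, user=/ {
            s = substr($0, index($0, "user=") + 5)
            sub(/,.*/, "", s)
            n[s]++
        }
        END {
            for (u in n) if (n[u] >= min) printf "%d %s\n", n[u], u
        }' "$log" | sort -k1,1nr -k2
}

# Constructed sample log so the function runs offline; prints the temp file path.
sample_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
Mar  3 10:01:02 mx imapd: LOGIN FAILED, user=alice@example.com, ip=[::ffff:198.51.100.7]
Mar  3 10:01:05 mx imapd: LOGIN FAILED, user=alice@example.com, ip=[::ffff:198.51.100.7]
Mar  3 10:01:09 mx imapd: LOGIN, user=bob@example.com, ip=[::ffff:203.0.113.9]
Mar  3 10:02:11 mx imapd: LOGIN FAILED, user=carol@example.com, ip=[::ffff:198.51.100.7]
Mar  3 10:02:15 mx imapd: LOGIN FAILED, user=alice@example.com, ip=[::ffff:192.0.2.4]
EOF
    echo "$f"
}

# Usage: only accounts with two or more failures are listed.
failed_logins "$(sample_log)" 2
```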
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users