On 13 May 2018, at 1:27 (-0400), @lbutlr wrote:

> On 2018-05-12 (23:01 MDT), Viktor Dukhovni <[email protected]> wrote:
>> On May 13, 2018, at 12:42 AM, @lbutlr <[email protected]> wrote:
>>> In these log lines, what is "UGFzc3dvcmQ6"?
>>>
>>> May 12 07:52:07 mail submit-tls/smtpd[32670]: warning:
>>> vps1590651.vs.webtropia-customer.com[62.141.41.104]: SASL LOGIN
>>> authentication failed: UGFzc3dvcmQ6
>>
>> $ printf "%s\n" $(printf "%s\n" UGFzc3dvcmQ6 | openssl base64 -d)
>> Password:
>
> So, is that what the morons tried to log in with? (I have a few others
> that, using your snippet, decode to "Username:" (VXNlcm5hbWU6).) They are
> trying to log in with a base64 encoding of "Username:" or "Password:"?

No, Postfix is logging the stage of an authentication failure in the
SASL LOGIN mechanism. It would be unwise to routinely log the wrong
credentials used by people who typo a username or password or by bots
that have a list of username+password combinations acquired elsewhere.
--
Bill Cole
[email protected] or [email protected]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
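
Added example, not part of the original thread: a small log triage script that decodes the trailing base64 token on Postfix "SASL ... authentication failed" warnings and counts failures per client IP and stage. The sample log lines are constructed (documentation IP addresses), and the names `decode_detail` and `summarize` are hypothetical.

```python
import base64
import binascii
import re
from collections import Counter

# Constructed sample lines in the format quoted in the thread (documentation IPs).
SAMPLE_LOG = """\
May 12 07:52:07 mail submit-tls/smtpd[32670]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 12 07:52:09 mail submit-tls/smtpd[32671]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: VXNlcm5hbWU6
May 12 07:53:40 mail submit-tls/smtpd[32672]: warning: host.example[198.51.100.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 12 07:54:02 mail submit-tls/smtpd[32673]: warning: host.example[198.51.100.7]: SASL PLAIN authentication failed:
"""

FAIL_RE = re.compile(
    r"warning: (?P<host>\S+)\[(?P<ip>[^\]]+)\]: "
    r"SASL (?P<mech>\S+) authentication failed:\s*(?P<detail>.*)$"
)


def decode_detail(detail):
    """Return the decoded text if detail is base64 of printable ASCII, else detail unchanged."""
    try:
        text = base64.b64decode(detail, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return detail  # not base64 (e.g. a plain-text reason): keep as logged
    return text if text and text.isprintable() else detail


def summarize(log_text):
    """Count SASL failures per (client IP, mechanism, decoded stage)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            stage = decode_detail(m["detail"].strip())
            counts[(m["ip"], m["mech"], stage)] += 1
    return counts


if __name__ == "__main__":
    for (ip, mech, stage), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{ip:15} {mech:6} {stage or '-':10} {n}")
```

The decoded value is the stage prompt ("Username:" or "Password:"), never anything the client submitted, so the summary is safe to keep in reports.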