>-----Message d'origine----- >De : [email protected] >[mailto:[email protected]]De la part de Rob Arends >Envoye : jeudi 20 janvier 2011 07:32 >A : 'XMail Users Mailing List' >Objet : Re: [xmail] Knowing who is failing Auth Logins > > >Hi Francis, > >I have solved this, and then read your mail below. >I basically did what you wrote. > >Wireshark did not decode for me, but I found that each attempt >was the same >user/password. >I just used the text shown in Wireshark and pasted into some >online base64 >en/decoder. > >As they were all the same encoded text, I began to suspect a >user and not an >attack. > >Here's the egg.... It was my father's ADSL router attempting >to send it's >log to me. >The same one I configured a couple of months ago to send me >the log, so I >could use the src IP in a poor man's dynamic-dns resolver. > >Except I typo'd the SMTP auth user name. :-( > >The key to it was that he usually leaves his PC on, and I was >suspecting an >infection of some kind, but today he is away and turned it off. >So it started me thinking, if his PC is off, what could be >sending from his >IP address -> the router !!! > >Thanks to all. > >(Still would be nice if the pop3/smtp logs showed the user-id used in a >failed login attempt. It would help tracking the source down.) > >Rob :-) > >
Yes, would be a good debug option to have them (user login and name received) written on smtp log on failed attempts (Don't remenber if in pop logs any message for failed attemps with user/pass used ... just remember a pop log setting to not write passwords on normaly 'success' attempts) _______________________________________________ xmail mailing list [email protected] http://xmailserver.org/mailman/listinfo/xmail
