[CentOS] SMTP Auth Spam Mail Attack
Alexander Dalloz
ad+lists at uni-x.org
Sat Oct 5 19:11:23 UTC 2013
On 05.10.2013 18:19, Paul Shuttleworth wrote:
> Has anyone any idea how they can be authenticating against SMTP auth with
> a username that does not exist on the server?
>
> Any pointers towards next steps appreciated, as I am running out of ideas
> to try and lock this server down.
>
>
> Cheers
>
> Paul.

Hi Paul,

you will have to show your Sendmail SMTP AUTH configuration together
with all bits set for Cyrus SASL.

Baseline is, there is or has been a user "jon" usable for SMTP AUTH as
you have shown by the log entry:

Oct 5 15:17:53 www sendmail[6972]: AUTH=server,
relay=pppoe9.net109-120-27.se1.omkc.ru [109.120.27.9] (may be forged),
authid=jon, mech=LOGIN, bits=0

Alexander
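
Added example (not part of the message above, and not code from Sendmail or CentOS): a Python script that tallies AUTH=server log entries like the one quoted above per authid and source IP, and lists authids that are missing from a set of accounts expected to use SMTP AUTH. The expected-account set and every sample line except the first are constructed for illustration.

```python
import re
from collections import defaultdict

# Shape of the sendmail AUTH=server line quoted in the message above;
# a queue id before "AUTH=" and a relay without reverse DNS are tolerated.
AUTH_RE = re.compile(
    r"sendmail\[\d+\]: (?:\w+: )?AUTH=server, "
    r"relay=(?:(?P<host>[^\s\[]+) )?\[(?P<ip>[0-9A-Fa-f.:]+)\]"
    r"(?P<forged> \(may be forged\))?, "
    r"authid=(?P<authid>[^,]+), mech=(?P<mech>[^,]+), bits=(?P<bits>\d+)"
)

# First line is the entry from the message; the rest are constructed samples.
SAMPLE_LOG = """\
Oct 5 15:17:53 www sendmail[6972]: AUTH=server, relay=pppoe9.net109-120-27.se1.omkc.ru [109.120.27.9] (may be forged), authid=jon, mech=LOGIN, bits=0
Oct 5 15:19:02 www sendmail[7010]: r95FJ2aB007010: AUTH=server, relay=[192.0.2.44], authid=jon, mech=LOGIN, bits=0
Oct 5 15:20:11 www sendmail[7033]: AUTH=server, relay=mail.example.net [198.51.100.7], authid=paul, mech=PLAIN, bits=0
Oct 5 15:20:12 www sendmail[7033]: r95FKCcD007033: from=<paul@example.net>, size=1204, nrcpts=1
"""

def summarise_auth(lines, expected_accounts):
    """Tally successful SMTP AUTH logins per authid."""
    stats = defaultdict(lambda: {"count": 0, "ips": set(), "mechs": set(),
                                 "forged_rdns": 0, "expected": False})
    for line in lines:
        m = AUTH_RE.search(line)
        if not m:
            continue  # not an AUTH=server record
        entry = stats[m["authid"]]
        entry["count"] += 1
        entry["ips"].add(m["ip"])
        entry["mechs"].add(m["mech"])
        entry["forged_rdns"] += bool(m["forged"])  # counts "(may be forged)" relays
        entry["expected"] = m["authid"] in expected_accounts
    return dict(stats)

def unexpected_authids(stats):
    """authids that authenticated but are not on the expected list."""
    return sorted(a for a, s in stats.items() if not s["expected"])

if __name__ == "__main__":
    # Hypothetical list of accounts that should be relaying through this host.
    report = summarise_auth(SAMPLE_LOG.splitlines(), expected_accounts={"paul"})
    for authid in unexpected_authids(report):
        s = report[authid]
        print(authid, s["count"], sorted(s["ips"]), sorted(s["mechs"]))
```

Feed it the lines of the mail log (on CentOS normally /var/log/maillog) and the accounts you actually expect to use SMTP AUTH.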