0

Hi, I would be very thankful if someone could help me by explaining this logwatch summary of my Postfix installation on my Ubuntu 10.04 VPS. I don't really know if this might be a normal log file because of the many authentication failed entries and foreign IP addresses. Any advice for a novice? Thx!

```
****** Summary
*************************************************************************************
113 SASL authentication failed
195 Miscellaneous warnings
8.419K Bytes accepted 8,621
8.419K Bytes delivered 8,621
======== ==================================================
3 Accepted 60.00%
2 Rejected 40.00%
-------- --------------------------------------------------
5 Total 100.00%
======== ==================================================
2 5xx Reject relay denied 100.00%
-------- --------------------------------------------------
2 Total 5xx Rejects 100.00%
======== ==================================================
116 Connections
1 Connections lost (inbound)
116 Disconnections
3 Removed from queue
3 Delivered
1 Hostname verification errors
****** Detail (10)
*********************************************************************************
113 SASL authentication failed
--------------------------------------------------------------
113 92.24.80.207 host-92-24-80-207.ppp.as43234.net
113 LOGIN
113 generic failure
195 Miscellaneous warnings
------------------------------------------------------------------
113 SASL authentication failure: cannot connect to saslauthd server: Permission
denied
41 inet_protocols: IPv6 support is disabled: Address family not supported by
protocol
41 inet_protocols: configuring for IPv4 support only
2 5xx Reject relay denied
-----------------------------------------------------------------
1 46.242.103.110 unknown
1 new70@freemailhost.ru
1 114.42.142.103 114-42-142-103.dynamic.hinet.net
1 vkihwpdh@yahoo.com.tw
1 Connections lost (inbound)
--------------------------------------------------------------
1 After RCPT
3 Delivered
-------------------------------------------------------------------------------
3 myhost.xx
1 Hostname verification errors
------------------------------------------------------------
1 Name or service not known
1 46.242.103.110 broadband-46-242-103-110.nationalcablenetworks.ru
=== Delivery Delays Percentiles
============================================================
0% 25% 50% 75% 90% 95% 98% 100%
```
DannyRe

1 Answer

3

The 113 authentication errors match up with the 113 SASL errors.

`SASL authentication failure: cannot connect to saslauthd server: Permission denied`

There seem to be many different reasons that can cause this error message. See if any of those fix your SASL problem.

Is that 92.24.80.207 IP address you? If not, someone may be trying out passwords to see if they can log in.

Ladadadada
  • Hi thx for your reply! `92.24.80.207` is not my IP address! I am just concerned that my postfix server is being used as a spam emailer. – DannyRe Jul 02 '12 at 14:43
  • 1
    With `3 Delivered` in that report, your server is not a major spam source if it is sending any. Check the actual logs to be sure. Large changes in that number tend to be an indication that someone has figured out how to use your server to send spam. Once they get in, they will send tens of thousands per day. You can [test to see if you are running an open relay here](http://www.abuse.net/relay.html). – Ladadadada Jul 02 '12 at 14:49
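
Following the advice above to check the actual logs, here is an added example (not part of the original answer or comments) that tallies raw Postfix log lines into the same categories logwatch reports: failed SASL logins per client IP, saslauthd connection errors, relay rejections, and delivered mail by delivery agent. The sample lines are constructed in Postfix's usual syslog format, and the function names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix syslog format (not from the poster's server).
SAMPLE_LOG = """\
Jul  2 14:01:10 myhost postfix/smtpd[1234]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
Jul  2 14:01:10 myhost postfix/smtpd[1234]: warning: host-92-24-80-207.ppp.as43234.net[92.24.80.207]: SASL LOGIN authentication failed: generic failure
Jul  2 14:01:15 myhost postfix/smtpd[1234]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
Jul  2 14:01:15 myhost postfix/smtpd[1234]: warning: host-92-24-80-207.ppp.as43234.net[92.24.80.207]: SASL LOGIN authentication failed: generic failure
Jul  2 14:20:41 myhost postfix/smtpd[1301]: NOQUEUE: reject: RCPT from unknown[46.242.103.110]: 554 5.7.1 <new70@freemailhost.ru>: Relay access denied; from=<a@example.invalid> to=<new70@freemailhost.ru> proto=SMTP helo=<example.invalid>
Jul  2 14:30:02 myhost postfix/local[1350]: 4F2A81C0D3: to=<root@myhost.xx>, relay=local, delay=0.1, delays=0.05/0/0/0.05, dsn=2.0.0, status=sent (delivered to mailbox)
"""

AUTH_FAIL = re.compile(r"\[(?P<ip>[0-9a-fA-F.:]+)\]: SASL (?P<mech>\S+) authentication failed: (?P<reason>.*)$")
BACKEND = re.compile(r"SASL authentication failure: cannot connect to saslauthd server")
RELAY = re.compile(r"reject: RCPT from \S+\[(?P<ip>[0-9a-fA-F.:]+)\]: 554 .*Relay access denied")
SENT = re.compile(r"postfix/(?P<agent>smtp|local|virtual|lmtp)\[\d+\]: \w+: to=<[^>]*>.*status=sent")

def summarize(lines):
    """Count the events behind the logwatch headings, keyed by client IP where one exists."""
    s = {"auth_failed": Counter(), "backend_errors": 0, "relay_denied": Counter(), "sent": Counter()}
    for line in lines:
        if m := AUTH_FAIL.search(line):
            s["auth_failed"][(m["ip"], m["mech"], m["reason"].strip())] += 1
        elif BACKEND.search(line):
            s["backend_errors"] += 1
        elif m := RELAY.search(line):
            s["relay_denied"][m["ip"]] += 1
        elif m := SENT.search(line):
            s["sent"][m["agent"]] += 1  # smtp = left the server, local = stayed on it
    return s

def backend_explains_failures(s):
    """True when failed logins and saslauthd connection errors occur in equal number,
    which is consistent with the backend being unreachable for every attempt."""
    total = sum(s["auth_failed"].values())
    return total > 0 and total == s["backend_errors"]

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG.splitlines())
    for key, value in result.items():
        print(key, dict(value) if isinstance(value, Counter) else value)
    print("backend explains failures:", backend_explains_failures(result))
```

To run it against a real server, pass the lines of the mail log (on Ubuntu usually `/var/log/mail.log`) to `summarize` instead of the sample. A growing `smtp` count under `sent` is the number to watch for outbound abuse.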