madcat
Guest
Hello. According to http://rackerhacker.com/2007/02/10/finding-compromised-mail-accounts-in-plesk/ , I should be able to find messages in my /var/log/messages file similar to this:
Feb 10 10:19:33 s60418 smtp_auth: SMTP connect from unknown@ [207.219.92.194]
Feb 10 10:19:33 s60418 smtp_auth: smtp_auth: SMTP user [USER] : /var/qmail/mailnames/[DOMAIN]/[USER] logged in from unknown@ [207.219.92.194]
I am not seeing these messages at all.
Instead, I am seeing:
Apr 30 16:50:14 localhost smtp_auth: SMTP connect from unknown@localhost [111.222.333.444]
Apr 30 16:50:14 localhost smtp_auth: smtp_auth: FAILED: somebody@somewhere.com - no such user from somebody@somewhere.com [111.222.333.444]
(In the above sample, the IPs, hostnames, and email addresses have been changed to fakes, but the structure is the same.)
So, I am seeing messages if the smtp_auth connection fails, but nothing if it is successful. Anybody know how to make smtp_auth log a message, even if it is a successful login?
Thanks.
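A parser for the two smtp_auth line shapes quoted in the post above, added here as an example (it is not part of the original post and not Plesk's own code). It assumes real success lines carry the mailbox name and domain where the quoted sample shows [USER] and [DOMAIN]; the function names, the review threshold and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Patterns follow the line shapes quoted in the post. The bracketed field is
# captured as-is and is not validated as an IP address.
SUCCESS = re.compile(
    r"smtp_auth: SMTP user \S+ : /var/qmail/mailnames/(?P<domain>[^/\s]+)/(?P<user>\S+)"
    r" logged in from \S* ?\[(?P<ip>[^\]]+)\]"
)
FAILED = re.compile(
    r"smtp_auth: FAILED: (?P<account>\S+) - (?P<reason>.+?) from \S* ?\[(?P<ip>[^\]]+)\]"
)

def summarize(lines):
    """Return (logins, failures) built from smtp_auth syslog lines."""
    logins = defaultdict(set)    # account -> source addresses with a successful login
    failures = defaultdict(int)  # (account, address, reason) -> number of failures
    for line in lines:
        m = SUCCESS.search(line)
        if m:
            logins[f"{m['user']}@{m['domain']}"].add(m["ip"])
            continue
        m = FAILED.search(line)
        if m:
            failures[(m["account"], m["ip"], m["reason"])] += 1
    # "SMTP connect" lines match neither pattern and are skipped.
    return dict(logins), dict(failures)

def multi_source_accounts(logins, threshold=2):
    """Accounts that logged in from at least `threshold` distinct addresses
    (the threshold is an assumed starting point for manual review)."""
    return sorted(acct for acct, ips in logins.items() if len(ips) >= threshold)

# Constructed sample lines (documentation addresses and example.com), not real log data.
SAMPLE = """\
Apr 30 16:50:14 localhost smtp_auth: SMTP connect from unknown@localhost [192.0.2.10]
Apr 30 16:50:14 localhost smtp_auth: smtp_auth: SMTP user alice : /var/qmail/mailnames/example.com/alice logged in from unknown@localhost [192.0.2.10]
Apr 30 16:52:01 localhost smtp_auth: smtp_auth: SMTP user alice : /var/qmail/mailnames/example.com/alice logged in from unknown@ [198.51.100.7]
Apr 30 16:53:40 localhost smtp_auth: smtp_auth: SMTP user bob : /var/qmail/mailnames/example.com/bob logged in from unknown@ [192.0.2.10]
Apr 30 16:54:02 localhost smtp_auth: smtp_auth: FAILED: carol@example.com - no such user from carol@example.com [203.0.113.5]
Apr 30 16:54:09 localhost smtp_auth: smtp_auth: FAILED: carol@example.com - no such user from carol@example.com [203.0.113.5]
""".splitlines()

if __name__ == "__main__":
    logins, failures = summarize(SAMPLE)
    print("successful logins:", logins)
    print("failures:", failures)
    print("accounts to review:", multi_source_accounts(logins))
```

An empty `logins` result on a log that does contain FAILED lines is the situation described in the post: failures are being recorded, successful logins are not.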