[Dshield] Increase In SASL Hack Attempts

David Cary Hart DavidHart at TQMcube.com
Tue Mar 1 18:56:33 GMT 2005


Just a "heads up."

These seem to be increasing in frequency, presumably an endeavor to
relay spam:
-------------------------------------------------------
Maillog:
Mar  1 12:05:37 smtp postfix/smtpd[15025]: connect from unknown
[211.158.68.216]
Mar  1 12:05:39 smtp postfix/smtpd[15025]: warning: unknown
[211.158.68.216]: SASL LOGIN authentication failed
Mar  1 12:05:47 smtp last message repeated 6 times
Mar  1 12:05:48 smtp postfix/smtpd[15025]: warning: unknown
[211.158.68.216]: SASL LOGIN authentication failed
Mar  1 12:05:52 smtp last message repeated 2 times
Mar  1 12:05:55 smtp postfix/smtpd[15025]: warning: unknown
[211.158.68.216]: SASL LOGIN authentication failed
Mar  1 12:05:56 smtp postfix/smtpd[15025]: warning: unknown
[211.158.68.216]: SASL LOGIN authentication failed
Mar  1 12:06:08 smtp last message repeated 8 times
Mar  1 12:06:08 smtp postfix/smtpd[15025]: too many errors after
AUTH from unknown[211.158.68.216]

The usual entries in syslog, webmaster, postmaster and admin. A PRC spam
hacker. Imagine that -;)
-- 
Total Quality Management - A Commitment to Excellence
Fight Spam: http://www.tqmcube.com/rbldnsd.htm
Daily Updates: rsync -t \
tqmcube.com::spamlists/[README.htm][clients][dynamic][relays][asiaspam]
http://www.tqmcube.com/spam_trap.htm
                




More information about the list mailing list