Auth Failure Messages

Home » CentOS » Auth Failure Messages
CentOS 2 Comments

Folks

I am using sendmail as my mail server. SELINUX is disabled. I observe messages in CentOS 7 (and 6) in /var/log/messages, similar to:

saslauthd[2765]: do_auth : auth failure: [user

2 thoughts on - Auth Failure Messages

  • You might learn more by perusing /var/log/maillog.

    thereare a number of sendmail techniques you can use to reduce spam or spam attempts. I can’t tell you right now where I found them all, many of them I encountered while googling for sendmail or similar. The single biggest reduction in spam and malicious connection attempts I’ve found so far is to install and spend time configuring milter-greylist. probably cut the amount of spam I see in mutt in half. or maybe better than that. there are now days when I find nothing in my spam folder, whereas I would formerly see a dozen or five dozen or similar.

    and though it is now old and no longer maintained, spambayes still works well to separate the wheat from the chaff.

    if you want, contact me off-list and I can send you someof the settings I use in sendmail’s .mc file for these purposes.

  • The default sendmail LogLevel is 9, but if you bump it to 10 sendmail will log the remote IP address associated with auth failures. In your sendmail.mc file, set

    define(`confLOG_LEVEL’, `10′)

    Or, if you manually edit sendmail.cf (), then add

    O LogLevel=10

    You’ll send up with mail log messages that correspond to the saslauthd failures you’ve noted:

    2017-10-17T10:42:39.099125-04:00 mightymite sendmail[7240]:
    v9HEgTgp597220: AUTH failure (LOGIN): authentication failure (-13)
    SASL(-13): authentication failure: checkpass failed, relay=[nnn.nnn.nnn.nnn]