I am using sendmail as my mail server. SELINUX is disabled. I observe messages in CentOS 7 (and 6) in /var/log/messages, similar to:
saslauthd: do_auth : auth failure: [user
You might learn more by perusing /var/log/maillog.
thereare a number of sendmail techniques you can use to reduce spam or spam attempts. I can’t tell you right now where I found them all, many of them I encountered while googling for sendmail or similar. The single biggest reduction in spam and malicious connection attempts I’ve found so far is to install and spend time configuring milter-greylist. probably cut the amount of spam I see in mutt in half. or maybe better than that. there are now days when I find nothing in my spam folder, whereas I would formerly see a dozen or five dozen or similar.
and though it is now old and no longer maintained, spambayes still works well to separate the wheat from the chaff.
if you want, contact me off-list and I can send you someof the settings I use in sendmail’s .mc file for these purposes.
The default sendmail LogLevel is 9, but if you bump it to 10 sendmail will log the remote IP address associated with auth failures. In your sendmail.mc file, set
Or, if you manually edit sendmail.cf (), then add
You’ll send up with mail log messages that correspond to the saslauthd failures you’ve noted:
2017-10-17T10:42:39.099125-04:00 mightymite sendmail:
v9HEgTgp597220: AUTH failure (LOGIN): authentication failure (-13)
SASL(-13): authentication failure: checkpass failed, relay=[nnn.nnn.nnn.nnn]