• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Need smtp_auth messages even if authentication is successful

M

madcat

Guest
Hello. According to http://rackerhacker.com/2007/02/10/finding-compromised-mail-accounts-in-plesk/ , I should be able to find messages in my /var/log/messages file similar to this:

Feb 10 10:19:33 s60418 smtp_auth: SMTP connect from unknown@ [207.219.92.194]
Feb 10 10:19:33 s60418 smtp_auth: smtp_auth: SMTP user [USER] : /var/qmail/mailnames/[DOMAIN]/[USER] logged in from unknown@ [207.219.92.194]

I am not seeing these messages at all.

Instead, I am seeing:

Apr 30 16:50:14 localhost smtp_auth: SMTP connect from unknown@localhost [111.222.333.444]
Apr 30 16:50:14 localhost smtp_auth: smtp_auth: FAILED: [email protected] - no such user from [email protected] [111.222.333.444]

(In the above sample, the IP's, hostnames, and email addresses have been changed to fakes, but the structure is the same).

So, I am seeing messages if the smtp_auth connection fails, but nothing if it is successful. Anybody know how to make smtp_auth log a message, even if it is a successful login?

Thanks.
 
Back
Top