1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Need smtp_auth messages even if authentication is successful

Discussion in 'Plesk for Linux - 8.x and Older' started by madcat, Apr 30, 2008.

  1. madcat

    madcat Guest

    Hello. According to http://rackerhacker.com/2007/02/10/finding-compromised-mail-accounts-in-plesk/ , I should be able to find messages in my /var/log/messages file similar to this:

    Feb 10 10:19:33 s60418 smtp_auth: SMTP connect from unknown@ []
    Feb 10 10:19:33 s60418 smtp_auth: smtp_auth: SMTP user [USER] : /var/qmail/mailnames/[DOMAIN]/[USER] logged in from unknown@ []

    I am not seeing these messages at all.

    Instead, I am seeing:

    Apr 30 16:50:14 localhost smtp_auth: SMTP connect from unknown@localhost [111.222.333.444]
    Apr 30 16:50:14 localhost smtp_auth: smtp_auth: FAILED: somebody@somewhere.com - no such user from somebody@somewhere.com [111.222.333.444]

    (In the above sample, the IP's, hostnames, and email addresses have been changed to fakes, but the structure is the same).

    So, I am seeing messages if the smtp_auth connection fails, but nothing if it is successful. Anybody know how to make smtp_auth log a message, even if it is a successful login?

  2. madcat

    madcat Guest