Every 1,0s: tail -n1000 /var/log/zimbra.log | grep auth_zimbra: Fri Sep 28 01:55:23 2018
Sep 28 01:00:40 correo saslauthd[6285]: auth_zimbra: test auth failed: authentication failed for [test]
Sep 28 01:01:53 correo saslauthd[6287]: auth_zimbra: admin auth failed: authentication failed for [admin]
Sep 28 01:03:23 correo saslauthd[6283]: auth_zimbra: root auth failed: authentication failed for [root]
Sep 28 01:04:32 correo saslauthd[6285]: auth_zimbra: info auth failed: authentication failed for [info]
Sep 28 01:05:38 correo saslauthd[6284]: auth_zimbra: postmaster auth failed: authentication failed for [postmaster]
Sep 28 01:06:55 correo saslauthd[6282]: auth_zimbra: teste123 auth failed: authentication failed for [teste123]
Sep 28 01:07:18 correo saslauthd[6283]: auth_zimbra: test auth failed: authentication failed for [test]
Sep 28 01:08:05 correo saslauthd[6285]: auth_zimbra: admin auth failed: authentication failed for [admin]
Sep 28 01:09:18 correo saslauthd[6284]: auth_zimbra: root auth failed: authentication failed for [root]
Sep 28 01:10:41 correo saslauthd[6283]: auth_zimbra: info auth failed: authentication failed for [info]
Sep 28 01:11:53 correo saslauthd[6285]: auth_zimbra: postmaster auth failed: authentication failed for [postmaster]
Sep 28 01:13:10 correo saslauthd[6287]: auth_zimbra: test auth failed: authentication failed for [test]
Sep 28 01:14:20 correo saslauthd[6282]: auth_zimbra: admin auth failed: authentication failed for [admin]
Sep 28 01:14:59 correo saslauthd[6283]: auth_zimbra: hpword auth failed: authentication failed for [hpword]
Sep 28 01:15:37 correo saslauthd[6284]: auth_zimbra: root auth failed: authentication failed for [root]
Sep 28 01:19:24 correo saslauthd[6282]: auth_zimbra: test auth failed: authentication failed for [test]
Sep 28 01:20:36 correo saslauthd[6283]: auth_zimbra: admin auth failed: authentication failed for [admin]
zmcontrol -v
Release 8.7.11.GA.1854.UBUNTU16.64 UBUNTU16_64 FOSS edition.
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.4 LTS
Release: 16.04
Codename: xenial
Is this normal?
- DualBoot
- Elite member
- Posts: 1326
- Joined: Mon Apr 18, 2016 8:18 pm
- Location: France - Earth
- ZCS/ZD Version: ZCS FLOSS - 8.8.15 Multi servers
- Contact:
Re: Is this normal?
brute force in progress
- L. Mark Stone
- Ambassador
- Posts: 2796
- Joined: Wed Oct 09, 2013 11:35 am
- Location: Portland, Maine, US
- ZCS/ZD Version: 10.0.6 Network Edition
- Contact:
Re: Is this normal?
Brute force in progress, as DualBoot said.
This is a good use case for fail2ban or DoSFilter....
Hope that helps,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
Re: Is this normal?
If you put something on the internet, someone malicious will try to log into it.
My home server has SSH open on a non-standard port (security through obscurity). Fail2ban still bans at least one person/bot a month.
So is it normal? Yes. Just a normal everyday threat to the security of your internet-facing device.
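The pattern the replies identify in the first post's log can be checked mechanically. The following is an added example, not part of the thread and not Zimbra or fail2ban code: it parses the `auth_zimbra` failure lines and flags many failures spread across many distinct account names in one time window. The thresholds, the `year` parameter and the function names are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Failure lines copied from the first post (terminal wrapping undone).
SAMPLE = """\
Sep 28 01:00:40 correo saslauthd[6285]: auth_zimbra: test auth failed: authentication failed for [test]
Sep 28 01:01:53 correo saslauthd[6287]: auth_zimbra: admin auth failed: authentication failed for [admin]
Sep 28 01:03:23 correo saslauthd[6283]: auth_zimbra: root auth failed: authentication failed for [root]
Sep 28 01:04:32 correo saslauthd[6285]: auth_zimbra: info auth failed: authentication failed for [info]
Sep 28 01:05:38 correo saslauthd[6284]: auth_zimbra: postmaster auth failed: authentication failed for [postmaster]
Sep 28 01:06:55 correo saslauthd[6282]: auth_zimbra: teste123 auth failed: authentication failed for [teste123]
Sep 28 01:07:18 correo saslauthd[6283]: auth_zimbra: test auth failed: authentication failed for [test]
Sep 28 01:08:05 correo saslauthd[6285]: auth_zimbra: admin auth failed: authentication failed for [admin]
Sep 28 01:09:18 correo saslauthd[6284]: auth_zimbra: root auth failed: authentication failed for [root]
Sep 28 01:10:41 correo saslauthd[6283]: auth_zimbra: info auth failed: authentication failed for [info]
""".splitlines()

# The lines carry no client IP, so grouping is by username and time only.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ saslauthd\[\d+\]: auth_zimbra: "
    r"(?P<user>\S+) auth failed: authentication failed for \[(?P=user)\]$"
)

def parse_failures(lines, year=2018):
    """Yield (timestamp, username); syslog omits the year, so it is passed in."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), m["user"]

def summarize(lines, window=timedelta(minutes=30), min_failures=10, min_users=4):
    """Flag many failures over many distinct accounts inside one sliding window."""
    events = sorted(parse_failures(lines))
    start, suspicious = 0, False
    for end, (ts, _) in enumerate(events):
        while ts - events[start][0] > window:
            start += 1  # drop events that fell out of the window
        users = {u for _, u in events[start:end + 1]}
        if end - start + 1 >= min_failures and len(users) >= min_users:
            suspicious = True
            break
    return {"total": len(events), "per_user": Counter(u for _, u in events),
            "suspicious": suspicious}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Because these saslauthd lines do not include a client address, a ban tool such as fail2ban has to match a log line that does carry one.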