Security logfile

I see a lot of pwd scan attacks.

mail.info:
Jun 3 06:25:19 lala Axigen[713]: SMTP-IN:0002CAD6: Authentication error for user ‘matthew@lalal.dom’: Account not found locally
Jun 3 06:25:20 lala Axigen[713]: SMTP-IN:0002CAD6: closing session from [185.137.111.129:43304]

mail.warn:
Jun 3 06:25:19 lala Axigen[713]: SMTP-IN:0002CAD6: Authentication error for user ‘matthew@lalal.dom’: Account not found locally

I would like to have a format like:
Jun 3 08:28:32 lala sshd[44695]: Invalid user admin1 from 134.175.80.27 port 54654

so as to make blocking easier. Is that possible to add?

Tnx!

Hello,

You may try to enable the security log by changing the value of the “enableSecurityLog” parameter from no to yes in the Axigen configuration file (${AXIGEN_WORK_DIR}/run/axigen.cfg).

Note that a restart of the Axigen service is required after the change.

Regards,
Florin

2019-06-07 12:20:34 +0200 02 lala SECURITY:SMTP-IN;00000004;45.13.39.140;54696;OP_FAIL;maamounasl@lala.dom;;Authentication error; Account not found locally

Wonderful!

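Added example (not part of the thread and not Axigen code): a small parser for the security-log format shown above that counts `OP_FAIL` records per source address and lists the addresses worth blocking. The field layout is an assumption inferred from the single line posted in the thread; the function names and the threshold are hypothetical, and all sample lines except the first are constructed.

```python
import ipaddress
from collections import Counter

# Constructed sample input. Only the first line is from the thread; the rest
# are made up (documentation-range IPs) to exercise the parser.
SAMPLE = """\
2019-06-07 12:20:34 +0200 02 lala SECURITY:SMTP-IN;00000004;45.13.39.140;54696;OP_FAIL;maamounasl@lala.dom;;Authentication error; Account not found locally
2019-06-07 12:21:01 +0200 02 lala SECURITY:SMTP-IN;00000005;192.0.2.10;40001;OP_FAIL;a@lala.dom;;Authentication error; Account not found locally
2019-06-07 12:21:03 +0200 02 lala SECURITY:SMTP-IN;00000006;192.0.2.10;40002;OP_FAIL;b@lala.dom;;Authentication error; Account not found locally
2019-06-07 12:21:05 +0200 02 lala SECURITY:SMTP-IN;00000007;192.0.2.10;40003;OP_FAIL;c@lala.dom;;Authentication error; Account not found locally
2019-06-07 12:21:06 +0200 02 lala SECURITY:SMTP-IN;00000008;not-an-ip;40004;OP_FAIL;d@lala.dom;;Authentication error; Account not found locally
Jun 3 06:25:20 lala Axigen[713]: SMTP-IN:0002CAD6: closing session from [185.137.111.129:43304]
"""

def parse_line(line):
    """Parse one security-log line into a dict, or return None if it does not fit."""
    _head, sep, rest = line.strip().partition(" SECURITY:")
    if not sep:
        return None                      # not a security-log record
    # Assumed layout: service;session;ip;port;result;user;<empty>;message
    # The message itself contains ';', so split at most 7 times.
    parts = rest.split(";", 7)
    if len(parts) != 8:
        return None
    service, session, ip, port, result, user, _, message = parts
    try:
        # Validate before the value goes anywhere near a firewall rule.
        ip = str(ipaddress.ip_address(ip))
    except ValueError:
        return None
    return {"service": service, "session": session, "ip": ip, "port": port,
            "result": result, "user": user, "message": message.strip()}

def offenders(lines, threshold=3):
    """Return the sorted IPs with at least `threshold` OP_FAIL records."""
    fails = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["result"] == "OP_FAIL":
            fails[rec["ip"]] += 1
    return sorted(ip for ip, n in fails.items() if n >= threshold)

if __name__ == "__main__":
    for ip in offenders(SAMPLE.splitlines()):
        print(ip)   # one address per line, ready for a blocklist
```
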