Lock asked:
I am noticing the following in my maillog.
Lots of these:
Sep 10 10:29:56 westc01-01-01 postfix/smtpd[26788]: connect from unknown[85.111.7.182]
And these:
Sep 10 10:34:58 westc01-01-01 postfix/smtpd[26768]: disconnect from unknown[85.111.7.182]
Sep 10 10:34:58 westc01-01-01 postfix/smtpd[26758]: timeout after AUTH from unknown[85.111.7.182]
And these:
Sep 10 10:29:56 westc01-01-01 postfix/smtpd[26737]: warning: unknown[85.111.7.182]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Are these anything to worry about?
My answer:
Looks like just another random connection attempt from part of a botnet. Assuming your mail server is properly secured, you can ignore it. Of course, this is a good time to check and ensure that your mail server is properly secured.
View the full question and any other answers on Server Fault.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.