Hello, in spite of the installation of "Blockhost", I still continue to be the target of attack. Can someone help me?

Extract of /var/log/auth.log

Code:
Nov 18 13:32:32 myserver saslauthd[2620]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Nov 18 13:32:34 myserver saslauthd[2620]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Nov 18 13:32:34 myserver saslauthd[2620]: do_auth : auth failure: [user=passwd] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Nov 18 13:32:40 myserver saslauthd[2622]: (pam_unix) check pass; user unknown
Nov 18 13:32:40 myserver saslauthd[2622]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Nov 18 13:32:42 myserver saslauthd[2622]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Nov 18 13:32:42 myserver saslauthd[2622]: do_auth : auth failure: [user=123456] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Nov 18 13:32:47 myserver saslauthd[2618]: (pam_unix) check pass; user unknown
Nov 18 13:32:47 myserver saslauthd[2618]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Nov 18 13:32:49 myserver saslauthd[2618]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Nov 18 13:32:49 myserver saslauthd[2618]: do_auth : auth failure: [user=newpass] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Nov 18 13:32:53 myserver saslauthd[2619]: (pam_unix) check pass; user unknown
Nov 18 13:32:53 myserver saslauthd[2619]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Nov 18 13:32:55 myserver saslauthd[2619]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Nov 18 13:32:55 myserver saslauthd[2619]: do_auth : auth failure: [user=notused] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Nov 18 13:33:01 myserver saslauthd[2621]: (pam_unix) check pass; user unknown
Nov 18 13:33:01 myserver saslauthd[2621]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Nov 18 13:33:02 myserver saslauthd[2621]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Nov 18 13:33:01 myserver saslauthd[2621]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Nov 18 13:33:02 myserver saslauthd[2621]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Nov 18 13:33:02 myserver saslauthd[2621]: do_auth : auth failure: [user=Hockey] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Nov 18 13:33:08 myserver saslauthd[2620]: (pam_unix) check pass; user unknown
Nov 18 13:33:08 myserver saslauthd[2620]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Nov 18 13:33:10 myserver saslauthd[2620]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Nov 18 13:33:10 myserver saslauthd[2620]: do_auth : auth failure: [user=internet] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Nov 18 13:33:15 myserver saslauthd[2622]: (pam_unix) check pass; user unknown
Nov 18 13:33:15 myserver saslauthd[2622]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Nov 18 13:33:17 myserver saslauthd[2622]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Nov 18 13:33:17 myserver saslauthd[2622]: do_auth : auth failure: [user=*******] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Nov 18 13:33:23 myserver saslauthd[2619]: (pam_unix) check pass; user unknown
Nov 18 13:33:23 myserver saslauthd[2619]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Nov 18 13:33:25 myserver saslauthd[2619]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Nov 18 13:33:25 myserver saslauthd[2619]: do_auth : auth failure: [user=Maddock] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Nov 18 13:33:30 myserver saslauthd[2618]: (pam_unix) check pass; user unknown
Nov 18 13:33:30 myserver saslauthd[2618]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Nov 18 13:33:32 myserver saslauthd[2618]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module

Extract of my file /var/log/mail.info

Code:
Nov 18 15:18:42 myserver postfix/smtpd[31185]: warning: 65.106.203.226.ptr.us.xo.net[65.106.203.226]: SASL LOGIN authentication failed: authentication failure
Nov 18 15:18:43 myserver postfix/smtpd[31185]: disconnect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:18:49 myserver postfix/smtpd[31248]: warning: 65.106.203.226.ptr.us.xo.net[65.106.203.226]: SASL LOGIN authentication failed: authentication failure
Nov 18 15:18:49 myserver postfix/smtpd[31183]: connect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:18:50 myserver postfix/smtpd[31248]: disconnect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:18:57 myserver postfix/smtpd[31183]: warning: 65.106.203.226.ptr.us.xo.net[65.106.203.226]: SASL LOGIN authentication failed: authentication failure
Nov 18 15:18:57 myserver postfix/smtpd[30761]: connect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:18:58 myserver postfix/smtpd[31183]: disconnect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:04 myserver postfix/smtpd[30761]: warning: 65.106.203.226.ptr.us.xo.net[65.106.203.226]: SASL LOGIN authentication failed: authentication failure
Nov 18 15:19:04 myserver postfix/smtpd[31188]: connect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:05 myserver postfix/smtpd[30761]: disconnect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:11 myserver postfix/smtpd[31188]: warning: 65.106.203.226.ptr.us.xo.net[65.106.203.226]: SASL LOGIN authentication failed: authentication failure
Nov 18 15:19:12 myserver postfix/smtpd[31185]: connect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:13 myserver postfix/smtpd[31188]: disconnect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:28 myserver postfix/smtpd[30761]: disconnect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:34 myserver postfix/smtpd[31248]: connect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:35 myserver postfix/smtpd[31188]: warning: 65.106.203.226.ptr.us.xo.net[65.106.203.226]: SASL LOGIN authentication failed: authentication failure
Nov 18 15:19:36 myserver postfix/smtpd[31188]: disconnect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:42 myserver postfix/smtpd[31248]: warning: 65.106.203.226.ptr.us.xo.net[65.106.203.226]: SASL LOGIN authentication failed: authentication failure
Nov 18 15:19:42 myserver postfix/smtpd[31183]: connect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:43 myserver postfix/smtpd[31248]: disconnect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:49 myserver postfix/smtpd[31183]: warning: 65.106.203.226.ptr.us.xo.net[65.106.203.226]: SASL LOGIN authentication failed: authentication failure
Nov 18 15:19:50 myserver postfix/smtpd[31185]: connect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:50 myserver postfix/smtpd[31183]: disconnect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:57 myserver postfix/smtpd[31248]: connect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:19:57 myserver postfix/smtpd[31185]: warning: 65.106.203.226.ptr.us.xo.net[65.106.203.226]: SASL LOGIN authentication failed: authentication failure
Nov 18 15:19:58 myserver postfix/smtpd[31185]: disconnect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:20:04 myserver postfix/smtpd[31183]: connect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]
Nov 18 15:20:05 myserver postfix/smtpd[31248]: warning: 65.106.203.226.ptr.us.xo.net[65.106.203.226]: SASL LOGIN authentication failed: authentication failure
Nov 18 15:20:06 myserver postfix/smtpd[31248]: disconnect from 65.106.203.226.ptr.us.xo.net[65.106.203.226]

As far as I see all attempts are from the same IP (65.106.203.226). You can block it like this: http://www.howtoforge.com/forums/showthread.php?t=6363&highlight=route+reject
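
Added example (not part of the original thread): the per-address count behind the observation above, taken from Postfix smtpd "SASL ... authentication failed" lines in the mail.info format shown in the question. The saslauthd lines in the auth.log extract have an empty rhost= field, so the source address has to come from the Postfix lines. The sample log, the documentation addresses 192.0.2.10 and 198.51.100.7, the function name and the threshold/window defaults are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

def _fail(ts, ip):
    # One constructed failure line in the mail.info format shown in the question.
    return (f"Nov 18 {ts} myserver postfix/smtpd[31185]: warning: "
            f"unknown[{ip}]: SASL LOGIN authentication failed: authentication failure")

# Constructed sample: 192.0.2.10 and 198.51.100.7 are documentation addresses.
SAMPLE_LOG = "\n".join(
    [_fail(t, "192.0.2.10") for t in
     ("15:18:42", "15:18:49", "15:18:57", "15:19:04", "15:19:11", "15:19:35")]
    + [_fail(t, "198.51.100.7") for t in ("15:00:00", "15:30:00")]
    + ["Nov 18 15:18:43 myserver postfix/smtpd[31185]: disconnect from unknown[192.0.2.10]"]
)

# Timestamp, then the bracketed client address of a failed SASL attempt.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/smtpd\[\d+\]:\swarning:\s"
    r"\S+\[(?P<ip>[0-9A-Fa-f.:]+)\]:\sSASL\s\S+\sauthentication failed"
)

def sasl_offenders(log_text, threshold=5, window=timedelta(minutes=2), year=2000):
    """Return {ip: most failures inside any `window`} for IPs reaching `threshold`."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            # Syslog timestamps carry no year; the default 2000 is a leap year,
            # so a Feb 29 entry still parses.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            failures[m["ip"]].append(ts)
    offenders = {}
    for ip, stamps in failures.items():
        stamps.sort()
        best = start = 0
        for end, ts in enumerate(stamps):
            # Slide the window start forward until it spans at most `window`.
            while ts - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            offenders[ip] = best
    return offenders

if __name__ == "__main__":
    for ip, count in sasl_offenders(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed SASL logins within 2 minutes")
```

Connect and disconnect lines are ignored, and an address with occasional failures spread over a long period stays below the threshold.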