You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-user@james.apache.org by Zach Cox <zc...@gmail.com> on 2011/11/07 20:55:03 UTC
AUTH method LOGIN failed
Our james-server.log file today is showing lots of these:
INFO 19:50:30,910 | james.smtpserver | ID=11635173 Connection
established from 218.87.219.86 (218.87.219.86)
ERROR 19:50:33,252 | james.smtpserver | ID=11635173 AUTH method LOGIN failed
INFO 19:50:34,265 | james.smtpserver | ID=11635173 Connection closed
for 218.87.219.86 (218.87.219.86)
I'm assuming this is a bad actor trying to use our James server as an
open relay. The annoying part is that we have log4j configured to send
us emails on any ERROR logs, so we're notified if our mailets throw
exceptions.
I'm getting one of these emails every 10 secs or so.
Is there a way to either:
1) reduce log level of "AUTH method LOGIN failed" to WARN? should this
really even be at the ERROR level to begin with?
2) Ignore all traffic from 218.87.219.86
Thanks,
Zach
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: AUTH method LOGIN failed
Posted by Zach Cox <zc...@gmail.com>.
Thanks Norman: https://issues.apache.org/jira/browse/PROTOCOLS-47
On Tue, Nov 8, 2011 at 11:14 AM, Norman Maurer
<no...@googlemail.com> wrote:
> Hi Zach,
>
> I think we should move the loglevel to INFO. Can you fill a jira issue
> in the protocols project ?
>
> https://issues.apache.org/jira/browse/PROTOCOLS
>
> Thanks,
> Norman
>
>
> 2011/11/7 Zach Cox <zc...@gmail.com>:
>> Our james-server.log file today is showing lots of these:
>>
>> INFO 19:50:30,910 | james.smtpserver | ID=11635173 Connection
>> established from 218.87.219.86 (218.87.219.86)
>> ERROR 19:50:33,252 | james.smtpserver | ID=11635173 AUTH method LOGIN failed
>> INFO 19:50:34,265 | james.smtpserver | ID=11635173 Connection closed
>> for 218.87.219.86 (218.87.219.86)
>>
>> I'm assuming this is a bad actor trying to use our James server as an
>> open relay. The annoying part is that we have log4j configured to send
>> us emails on any ERROR logs, so we're notified if our mailets throw
>> exceptions.
>>
>> I'm getting one of these emails every 10 secs or so.
>>
>> Is there a way to either:
>> 1) reduce log level of "AUTH method LOGIN failed" to WARN? should this
>> really even be at the ERROR level to begin with?
>> 2) Ignore all traffic from 218.87.219.86
>>
>> Thanks,
>> Zach
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>> For additional commands, e-mail: server-user-help@james.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: AUTH method LOGIN failed
Posted by Norman Maurer <no...@googlemail.com>.
Hi Zach,
I think we should move the loglevel to INFO. Can you fill a jira issue
in the protocols project ?
https://issues.apache.org/jira/browse/PROTOCOLS
Thanks,
Norman
2011/11/7 Zach Cox <zc...@gmail.com>:
> Our james-server.log file today is showing lots of these:
>
> INFO 19:50:30,910 | james.smtpserver | ID=11635173 Connection
> established from 218.87.219.86 (218.87.219.86)
> ERROR 19:50:33,252 | james.smtpserver | ID=11635173 AUTH method LOGIN failed
> INFO 19:50:34,265 | james.smtpserver | ID=11635173 Connection closed
> for 218.87.219.86 (218.87.219.86)
>
> I'm assuming this is a bad actor trying to use our James server as an
> open relay. The annoying part is that we have log4j configured to send
> us emails on any ERROR logs, so we're notified if our mailets throw
> exceptions.
>
> I'm getting one of these emails every 10 secs or so.
>
> Is there a way to either:
> 1) reduce log level of "AUTH method LOGIN failed" to WARN? should this
> really even be at the ERROR level to begin with?
> 2) Ignore all traffic from 218.87.219.86
>
> Thanks,
> Zach
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org