DevHeads.net

SASL LOGIN authentication failed

In these log lines, what is "UGFzc3dvcmQ6"?

May 12 07:52:07 mail submit-tls/smtpd[32670]: warning: vps1590651.vs.webtropia-customer.com[62.141.41.104]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 12 17:05:14 mail submit-tls/smtpd[87898]: warning: ma350.mars.fastwebserver.de[193.111.198.88]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 12 18:21:36 mail submit-tls/smtpd[65165]: warning: vps1590646.vs.webtropia-customer.com[62.141.41.114]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

Comments

Re: SASL LOGIN authentication failed

By Matthew Broadhead at 05/13/2018 - 03:49

i get loads of these from different ip addresses all over the world with
the exact same password.  no idea what causes it.  i always wondered
myself. e.g. cat /var/log/maillog | grep UGFzc3dvcmQ6

...

May 13 08:43:43 ns1 postfix/smtpd[8800]: warning: unknown[46.148.27.71]:
SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:44:28 ns1 postfix/smtpd[6191]: warning:
unknown[185.234.217.61]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:44:52 ns1 postfix/smtpd[11760]: warning:
unknown[181.214.206.20]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:45:17 ns1 postfix/smtpd[6191]: warning:
unknown[185.234.218.130]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:45:23 ns1 postfix/smtpd[11760]: warning: unknown[5.101.40.66]:
SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:45:30 ns1 postfix/smtpd[11766]: warning:
unknown[181.214.206.20]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:45:32 ns1 postfix/smtpd[6191]: warning:
unknown[181.214.206.101]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:46:05 ns1 postfix/smtpd[11760]: warning:
unknown[201.162.182.66]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:46:09 ns1 postfix/smtpd[11766]: warning:
unknown[181.214.206.101]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 13 08:47:33 ns1 postfix/smtpd[11766]: warning: unknown[5.101.40.66]:
SASL LOGIN authentication failed: UGFzc3dvcmQ6

On 13/05/18 06:42, @lbutlr wrote:

Re: SASL LOGIN authentication failed

By Erwan David at 05/13/2018 - 06:09

Le 05/13/18 à 09:49, Matthew Broadhead a écrit :
It is the base 64 encoding of Password:

Re: SASL LOGIN authentication failed

By Matthew Broadhead at 05/13/2018 - 06:49

On 13/05/18 12:09, Erwan David wrote:

Re: SASL LOGIN authentication failed

By Viktor Dukhovni at 05/13/2018 - 01:01

$ printf "%s\n" $(printf "%s\n" UGFzc3dvcmQ6 | openssl base64 -d)
Password:

Re: SASL LOGIN authentication failed

By LuKreme at 05/13/2018 - 01:27

On 2018-05-12 (23:01 MDT), Viktor Dukhovni <postfix- ... at dukhovni dot org> wrote:
So, is that what the morons tried to login with (I have a few others that using your snippet decode to "Username:" (VXNlcm5hbWU6), they are trying to login with a base64 encode of "Usernae:" or "Password:"?

Re: SASL LOGIN authentication failed

By Bill Cole at 05/13/2018 - 10:16

No, Postfix is logging the stage of an authentication failure in the
SASL LOGIN mechanism. It would be unwise to routinely log the wrong
credentials used by people who typo a username or password or by bots
that have a list of username+password combinations acquired elsewhere.

Re: SASL LOGIN authentication failed

By Durga Prasad Malyala at 05/13/2018 - 01:42

Wonderful words to reflect on.. on a Sunday.

You too will get old. And when you do you'll fantasize that when you
were young prices where reasonable, politicians were noble, and children
respected their elders. Respect your elders.

Rgds/DP
9849111010

Sent from my iPhone. Pls excuse brevity and typos if any.