smtp hack attempts and no IP in logs

Virtualmin
1

Hi, server gets smtp login attacks but firewall cant ban them because there is no IP in logs… like this in var/log/messages:

Mar 13 16:00:05 sunucu saslauthd[1484]: do_auth : auth failure: [user=admin] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Mar 13 16:00:07 sunucu saslauthd[1483]: do_auth : auth failure: [user=admin] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Mar 13 16:00:09 sunucu saslauthd[1485]: do_auth : auth failure: [user=admin] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Mar 13 16:00:11 sunucu saslauthd[1482]: do_auth : auth failure: [user=admin] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Mar 13 16:00:12 sunucu saslauthd[1484]: do_auth : auth failure: [user=admin] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Mar 13 16:00:15 sunucu saslauthd[1482]: do_auth : auth failure: [user=admin] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]


Software versions:

Operating system CentOS Linux 7.4.1708
Perl version 5.016003
Path to Perl /usr/bin/perl
BIND version 9.9
Postfix version 2.10.1
Mail injection command /usr/lib/sendmail -t
Apache version 2.4.6
PHP versions 5.4.16, 7.0.10, 7.1.8
Logrotate version 3.8.6
MySQL version 10.1.31-MariaDB

Any idea to fix this?

2

I have the same problem, Any ideas?

3

Did you check var/log/maillog or mail? This is the place where you should find and see detailed reports of any login attempts to your mail server and logs of any email you sent or received.