Replies: 3 comments
-
If there's nothing in Apache, then I suspect what you're seeing is Postfix doing lookups. Try looking in /var/log/mail.log?
-
I dug deeper - I have postfix, postfixAdmin, Dovecot and Roundcube all set up together on the system, and the only other entries I found were in dovecot.log. So while it looks like the postfixAdmin user is looking up the mysql database (Connect postfixadmin@localhost on postfixadmin using Socket), it seems like it originates from dovecot. Probably a spammer trying to find a way to exploit my mail server.

2022-12-13T14:28:26.821210-08:00 2079 Connect postfixadmin@localhost on postfixadmin using Socket

dovecot.log
Dec 13 14:28:26 auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
-
Yeah, the traditional response to this is ...
Alternatively, you could just ignore the logging and live with it?
-
Hello,
I configured postfixadmin on Debian 11 and it works great, except I have noticed a lot of entries in my mysql-query.log like this:
2022-12-12T18:06:18 1533 Query SELECT username AS user,password FROM mailbox WHERE username = 'root@mydomain.com' AND active='1'
2022-12-12T18:07:04 1533 Query SELECT username AS user,password FROM mailbox WHERE username = 'sysadmin@mydomain.com' AND active='1'
2022-12-12T18:07:17 1533 Query SELECT username AS user,password FROM mailbox WHERE username = 'admin2@mydomain.com' AND active='1'
It looks like someone is probing the system because those usernames don't exist, but when I check the log files for postfix admin (/var/log/apache2/postfixadmin_error.log and access log) it only shows my personal logins and IP.
I'm trying to understand what page (if any) they are using to probe the database and how I would find their IP.
Thanks
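One way to find the client IP behind these lookups, as an added example that is not from any participant in this thread: match each mailbox lookup in the MySQL query log to a Dovecot "unknown user" line, which records the remote address. It assumes Dovecot runs with `auth_verbose = yes` and logs in syslog format; the Dovecot lines, process IDs and IPs below are constructed samples.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input. MYSQL_LOG follows the query-log format quoted in the
# question; DOVECOT_LOG assumes auth_verbose = yes and uses documentation IPs.
MYSQL_LOG = """\
2022-12-12T18:06:18 1533 Query SELECT username AS user,password FROM mailbox WHERE username = 'root@mydomain.com' AND active='1'
2022-12-12T18:07:04 1533 Query SELECT username AS user,password FROM mailbox WHERE username = 'sysadmin@mydomain.com' AND active='1'
2022-12-12T18:07:17 1533 Query SELECT username AS user,password FROM mailbox WHERE username = 'admin2@mydomain.com' AND active='1'
"""
DOVECOT_LOG = """\
Dec 12 18:06:18 auth-worker(4101): Info: sql(root@mydomain.com,203.0.113.7): unknown user
Dec 12 18:07:05 auth-worker(4101): Info: sql(sysadmin@mydomain.com,203.0.113.7): unknown user
Dec 12 18:07:17 auth-worker(4102): Info: sql(admin2@mydomain.com,198.51.100.23): unknown user
Dec 12 18:09:40 auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
"""

QUERY_RE = re.compile(r"^(\S+)\s+\d+\s+Query\s+SELECT .* FROM mailbox WHERE username = '([^']*)'")
AUTH_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ Info: sql\(([^,]+),([0-9A-Fa-f.:]+)[,)].*unknown user")

def mailbox_lookups(text):
    """Yield (naive local timestamp, username) for each mailbox lookup query."""
    for line in text.splitlines():
        m = QUERY_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)).replace(tzinfo=None), m.group(2)

def unknown_users(text, year):
    """Yield (timestamp, username, remote IP); syslog lines carry no year."""
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def correlate(mysql_text, dovecot_text, window=timedelta(seconds=2)):
    """Map remote IP -> sorted usernames whose SQL lookup matches a Dovecot failure."""
    by_ip = defaultdict(set)
    for q_ts, q_user in mailbox_lookups(mysql_text):
        for a_ts, a_user, ip in unknown_users(dovecot_text, q_ts.year):
            if a_user == q_user and abs(a_ts - q_ts) <= window:
                by_ip[ip].add(q_user)
    return {ip: sorted(users) for ip, users in by_ip.items()}

if __name__ == "__main__":
    for ip, users in correlate(MYSQL_LOG, DOVECOT_LOG).items():
        print(ip, len(users), ", ".join(users))
```

Lookups that match no Dovecot line within the window come from another client of the same database account, so they are left out of the result rather than guessed at.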