Lately I’ve been looking at my mail logs and noticed that spam, postfix and dovecot messages, among others, all get written to them, which is a little uncomfortable. We can use grep to filter, but perhaps a better approach is to send spamassassin logs to a different file.
tail /var/log/mail.log
Oct 16 17:13:11 myserver postfix/smtpd[29869]: connect from unknown[185.234.219.254]
Oct 16 17:13:11 myserver postfix/smtpd[29869]: warning: unknown[185.234.219.254]: SASL LOGIN authentication failed: Invalid authentication mechanism
Oct 16 17:13:11 myserver postfix/smtpd[29869]: lost connection after AUTH from unknown[185.234.219.254]
Oct 16 17:13:11 myserver postfix/smtpd[29869]: disconnect from unknown[185.234.219.254]
Oct 16 17:15:53 myserver postfix/smtpd[29896]: warning: hostname 204.152.209.101.static.quadranet.com does not resolve to address 204.152.209.101
Oct 16 17:15:53 myserver postfix/smtpd[29896]: connect from unknown[204.152.209.101]
Oct 16 17:15:53 myserver postfix/smtpd[29896]: warning: unknown[204.152.209.101]: SASL LOGIN authentication failed: Invalid authentication mechanism
Oct 16 17:15:54 myserver postfix/smtpd[29896]: disconnect from unknown[204.152.209.101]
Oct 16 17:16:41 myserver postfix/smtpd[29896]: warning: hostname unassigned.quadranet.com does not resolve to address 192.161.170.229
Oct 16 17:16:41 myserver postfix/smtpd[29896]: connect from unknown[192.161.170.229]
Oct 16 17:16:42 myserver postfix/smtpd[29896]: Anonymous TLS connection established from unknown[192.161.170.229]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 16 17:17:03 myserver postfix/smtpd[29896]: warning: eotzqh.kylieslowcase.fun.blackhole.securitysage.com: RBL lookup error: Host or domain name not found. Name service error for name=eotzqh.kylieslowcase.fun.blackhole.securitysage.com type=A: Host not found, try again
Oct 16 17:17:05 myserver postfix/smtpd[29896]: DA88C2607C5: client=unknown[192.161.170.229]
Oct 16 17:17:06 myserver postfix/cleanup[29903]: DA88C2607C5: message-id=
Oct 16 17:17:06 myserver postfix/qmgr[1238]: DA88C2607C5: from= , size=32258, nrcpt=1 (queue active)
Oct 16 17:17:06 myserver postfix/smtpd[29896]: disconnect from unknown[192.161.170.229]
Oct 16 17:17:08 myserver postfix/pickup[29368]: 3D6B4260878: uid=5001 from=
Oct 16 17:17:08 myserver postfix/pipe[29904]: DA88C2607C5: to= , relay=spamassassin, delay=26, delays=24/0.01/0/1.9, dsn=2.0.0, status=sent (delivered via spamassassin service)
Oct 16 17:17:08 myserver postfix/qmgr[1238]: DA88C2607C5: removed
Oct 16 17:17:08 myserver postfix/cleanup[29903]: 3D6B4260878: message-id=
Oct 16 17:17:08 myserver postfix/qmgr[1238]: 3D6B4260878: from= , size=32672, nrcpt=1 (queue active)
Oct 16 17:17:08 myserver postfix/pipe[29908]: 3D6B4260878: to= , relay=dovecot, delay=0.22, delays=0.07/0.01/0/0.14, dsn=2.0.0, status=sent (delivered via dovecot service)
Oct 16 17:17:08 myserver postfix/qmgr[1238]: 3D6B4260878: removed
Oct 16 17:17:51 myserver postfix/smtpd[29896]: connect from unknown[185.36.81.87]
Oct 16 17:17:51 myserver postfix/smtpd[29896]: warning: unknown[185.36.81.87]: SASL LOGIN authentication failed: Invalid authentication mechanism
Oct 16 17:17:51 myserver postfix/smtpd[29896]: lost connection after AUTH from unknown[185.36.81.87]
Oct 16 17:17:51 myserver postfix/smtpd[29896]: disconnect from unknown[185.36.81.87]
Oct 16 17:18:49 myserver postfix/smtpd[29896]: connect from unknown[187.55.179.130]
Oct 16 17:18:50 myserver postfix/smtpd[29896]: warning: unknown[187.55.179.130]: SASL LOGIN authentication failed: Invalid authentication mechanism
Oct 16 17:18:50 myserver postfix/smtpd[29896]: lost connection after AUTH from unknown[187.55.179.130]
Oct 16 17:18:50 myserver postfix/smtpd[29896]: disconnect from unknown[187.55.179.130]
Oct 16 17:19:50 myserver postfix/smtpd[29896]: warning: hostname 204.152.209.101.static.quadranet.com does not resolve to address 204.152.209.101
Oct 16 17:19:50 myserver postfix/smtpd[29896]: connect from unknown[204.152.209.101]
Oct 16 17:19:51 myserver postfix/smtpd[29896]: warning: unknown[204.152.209.101]: SASL LOGIN authentication failed: Invalid authentication mechanism
Oct 16 17:19:51 myserver postfix/smtpd[29896]: disconnect from unknown[204.152.209.101]
Oct 16 17:21:21 myserver postfix/anvil[29719]: statistics: max connection rate 1/60s for (smtp:177.143.199.94) at Oct 16 17:12:24
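The grep-style filtering mentioned above, generalised to every program in the log: this added example (not code from the original post) splits an existing mail log into one file per syslog program tag. It assumes the traditional syslog line format shown in the excerpt and that SpamAssassin logs under the tag `spamd`; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# split_by_program LOGFILE OUTDIR  (hypothetical helper name)
# Field 5 of a traditional syslog line is the tag, e.g. "postfix/smtpd[29869]:".
split_by_program() {
    mkdir -p "$2" || return 1
    awk -v outdir="$2" '
    {
        tag = $5
        sub(/(\[[0-9]+\])?:$/, "", tag)   # drop the optional "[pid]" and the ":"
        sub(/\/.*/, "", tag)              # postfix/smtpd -> postfix
        # The tag is log content, not trusted input: keep only characters that
        # are safe in a file name, so a tag like "../x" cannot leave outdir.
        gsub(/[^A-Za-z0-9_-]/, "_", tag)
        if (tag == "") tag = "unknown"
        print > (outdir "/" tag ".log")
    }' "$1"
}

# Constructed sample lines in the same format as the excerpt above
# (addresses are from the documentation range 192.0.2.0/24).
sample_log() {
    cat <<'EOF'
Oct 16 17:13:11 myserver postfix/smtpd[29869]: connect from unknown[192.0.2.10]
Oct 16 17:13:11 myserver postfix/smtpd[29869]: disconnect from unknown[192.0.2.10]
Oct 16 17:17:07 myserver spamd[1402]: spamd: result: Y 12 - scantime=1.9
Oct 16 17:17:08 myserver postfix/pipe[29904]: DA88C2607C5: relay=spamassassin, status=sent
Oct 16 17:17:08 myserver dovecot: lda(user): saved mail to INBOX
EOF
}

# Demo on the constructed sample: split it, then show the per-program line counts.
demo_dir=$(mktemp -d)
sample_log > "$demo_dir/mail.log"
split_by_program "$demo_dir/mail.log" "$demo_dir/split"
wc -l "$demo_dir"/split/*.log
rm -rf "$demo_dir"
```

This only reads a log that has already been written; it does not change where the syslog daemon sends new spamassassin messages.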