Dear all,
I regularly check the /var/log/mail.log file and don’t understand below attached entries.
I assume a script from some external server is trying to login with some default values.
My question:
How can I determine the IP address of the ‘attacking’ server.
How do I know which plugin is used to logon, so what kind of protocol or interface is used to authenticate (via WebApp, IMAP, …)
Jul 4 03:26:18 server kopano-ical[599]: ECChannel::HrEnableTLS(): SSL_accept failed: 1
Jul 4 03:26:18 server kopano-ical[599]: Unable to negotiate SSL connection
Jul 4 03:26:23 server kopano-ical[599]: ECChannel::HrEnableTLS(): SSL_accept failed: 5
Jul 4 03:26:23 server kopano-ical[599]: Unable to negotiate SSL connection
Jul 4 03:26:24 server kopano-ical[599]: ECChannel::HrEnableTLS(): SSL_accept failed: 1
Jul 4 03:26:24 server kopano-ical[599]: Unable to negotiate SSL connection
Jul 4 03:26:25 server kopano-server[16106]: Authentication by plugin failed for user "admin": Trying to authenticate failed: admin not found in LDAP; username = admin
Jul 4 03:26:25 server kopano-ical[599]: HrLogon server "http://localhost:236/" user "admin": logon failed
Jul 4 03:26:25 server kopano-ical[599]: Login failed (0x80040111 logon failed), resending authentication request
Jul 4 03:26:26 server kopano-server[16106]: Authentication by plugin failed for user "super": Trying to authenticate failed: super not found in LDAP; username = super
Jul 4 03:26:26 server kopano-ical[599]: HrLogon server "http://localhost:236/" user "super": logon failed
Jul 4 03:26:26 server kopano-ical[599]: Login failed (0x80040111 logon failed), resending authentication request
Jul 4 03:26:30 server kopano-server[16106]: Authentication by plugin failed for user "admin": Trying to authenticate failed: admin not found in LDAP; username = admin
Jul 4 03:26:30 server kopano-ical[599]: HrLogon server "http://localhost:236/" user "admin": logon failed
Jul 4 03:26:30 server kopano-ical[599]: Login failed (0x80040111 logon failed), resending authentication request
Jul 4 03:26:30 server kopano-server[16106]: Authentication by plugin failed for user "root": Trying to authenticate failed: root not found in LDAP; username = root
Jul 4 03:26:30 server kopano-ical[599]: HrLogon server "http://localhost:236/" user "root": logon failed
Jul 4 03:26:30 server kopano-ical[599]: Login failed (0x80040111 logon failed), resending authentication request
Jul 4 03:26:32 server kopano-server[16106]: Authentication by plugin failed for user "root": Trying to authenticate failed: root not found in LDAP; username = root
Jul 4 03:26:32 server kopano-ical[599]: HrLogon server "http://localhost:236/" user "root": logon failed
Jul 4 03:26:32 server kopano-ical[599]: Login failed (0x80040111 logon failed), resending authentication request
Jul 4 03:26:32 server kopano-server[16106]: Authentication by plugin failed for user "ktroot": Trying to authenticate failed: ktroot not found in LDAP; username = ktroot
Jul 4 03:26:32 server kopano-ical[599]: HrLogon server "http://localhost:236/" user "ktroot": logon failed
Jul 4 03:26:32 server kopano-ical[599]: Login failed (0x80040111 logon failed), resending authentication request
Jul 4 03:26:32 server kopano-server[16106]: Authentication by plugin failed for user "ktuser": Trying to authenticate failed: ktuser not found in LDAP; username = ktuser
Jul 4 03:26:32 server kopano-ical[599]: HrLogon server "http://localhost:236/" user "ktuser": logon failed
Jul 4 03:26:32 server kopano-ical[599]: Login failed (0x80040111 logon failed), resending authentication request
Jul 4 03:26:34 server kopano-server[16106]: Authentication by plugin failed for user "ktuser": Trying to authenticate failed: ktuser not found in LDAP; username = ktuser
Jul 4 03:26:34 server kopano-ical[599]: HrLogon server "http://localhost:236/" user "ktuser": logon failed
Jul 4 03:26:34 server kopano-ical[599]: Login failed (0x80040111 logon failed), resending authentication request
Jul 4 03:26:34 server kopano-server[16106]: Authentication by plugin failed for user "ubnt": Trying to authenticate failed: ubnt not found in LDAP; username = ubnt
Jul 4 03:26:34 server kopano-ical[599]: HrLogon server "http://localhost:236/" user "ubnt": logon failed
Jul 4 03:26:34 server kopano-ical[599]: Login failed (0x80040111 logon failed), resending authentication request
Jul 4 03:26:42 server kopano-server[16106]: Authentication by plugin failed for user "root": Trying to authenticate failed: root not found in LDAP; username = root
Jul 4 03:26:42 server kopano-ical[599]: HrLogon server "http://localhost:236/" user "root": logon failed
Jul 4 03:26:42 server kopano-ical[599]: Login failed (0x80040111 logon failed), resending authentication request
Jul 4 03:26:42 server kopano-server[16106]: Authentication by plugin failed for user "admin": Trying to authenticate failed: admin not found in LDAP; username = admin
Jul 4 03:26:42 server kopano-ical[599]: HrLogon server "http://localhost:236/" user "admin": logon failed
Jul 4 03:26:42 server kopano-ical[599]: Login failed (0x80040111 logon failed), resending authentication request
Jul 4 03:26:46 server kopano-server[16106]: Authentication by plugin failed for user "admin": Trying to authenticate failed: admin not found in LDAP; username = admin
Jul 4 03:26:46 server kopano-ical[599]: HrLogon server "http://localhost:236/" user "admin": logon failed
Jul 4 03:26:46 server kopano-ical[599]: Login failed (0x80040111 logon failed), resending authentication request
Jul 4 03:26:48 server kopano-server[16106]: Authentication by plugin failed for user "admin": Trying to authenticate failed: admin not found in LDAP; username = admin
Jul 4 03:26:48 server kopano-ical[599]: HrLogon server "http://localhost:236/" user "admin": logon failed
Jul 4 03:26:48 server kopano-ical[599]: Login failed (0x80040111 logon failed), resending authentication request
Jul 4 03:26:49 server kopano-server[16106]: Authentication by plugin failed for user "admin": Trying to authenticate failed: admin not found in LDAP; username = admin
Jul 4 03:26:49 server kopano-ical[599]: HrLogon server "http://localhost:236/" user "admin": logon failed
Jul 4 03:26:49 server kopano-ical[599]: Login failed (0x80040111 logon failed), resending authentication request
Jul 4 03:26:49 server kopano-server[16106]: Authentication by plugin failed for user "admin": Trying to authenticate failed: admin not found in LDAP; username = admin
Jul 4 03:26:49 server kopano-ical[599]: HrLogon server "http://localhost:236/" user "admin": logon failed
Jul 4 03:26:49 server kopano-ical[599]: Login failed (0x80040111 logon failed), resending authentication request
Jul 4 03:26:50 server kopano-server[16106]: Authentication by plugin failed for user "xj110": Trying to authenticate failed: xj110 not found in LDAP; username = xj110
Jul 4 03:26:50 server kopano-ical[599]: HrLogon server "http://localhost:236/" user "xj110": logon failed
Jul 4 03:26:50 server kopano-ical[599]: Login failed (0x80040111 logon failed), resending authentication request
Jul 4 03:26:52 server kopano-server[16106]: Authentication by plugin failed for user "xj110": Trying to authenticate failed: xj110 not found in LDAP; username = xj110
Jul 4 03:26:52 server kopano-ical[599]: HrLogon server "http://localhost:236/" user "xj110": logon failed
Jul 4 03:26:52 server kopano-ical[599]: Login failed (0x80040111 logon failed), resending authentication request