What does “UGFzc3dvcmQ6” mean?

Problem:

I’m seeing syslog messages like this from Postfix:

Dec  3 18:14:13 mailserver postfix/smtpd[10215]: warning: unknown[109.202.9.80]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

The answer is in the secret language of base-64:

$ echo "UGFzc3dvcmQ6" | base64 -D
Password:
$

‘UGFzc3dvcmQ6’ is the base-64 encoded version of the string ‘Password:’. When an IMAP client tries to connect to a Dovecot server using the SASL LOGIN protocol, Dovecot asks for the user’s password. If the SASL protocol attempted by the client doesn’t match the standard that Dovecot is expecting (common with spambot-compromised clients), Dovecot reports an error:

Dec  3 18:14:10 mailserver postfix/smtpd[10215]: warning: hostname host-109-202-9-80.avantel.ru does not resolve to address 109.202.9.80: Name or service not known
Dec  3 18:14:10 mailserver postfix/smtpd[10215]: connect from unknown[109.202.9.80]
Dec  3 18:14:13 mailserver postfix/smtpd[10215]: warning: unknown[109.202.9.80]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Dec  3 18:14:17 mailserver postfix/smtpd[10215]: lost connection after AUTH from unknown[109.202.9.80]
Dec  3 18:14:17 mailserver postfix/smtpd[10215]: disconnect from unknown[109.202.9.80]

This gets reported to syslog as a postfix error, since Dovecot is launching Postfix to deliver the incoming e-mail message. The message can be safely ignored.

Share: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Twitter
  • Facebook
  • Google Bookmarks
  • LinkedIn
  • Reddit
  • StumbleUpon

One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *