I am running a private mailserver for quite some time now, which is a postfix / dovecot setup. I noticed some log messages from postfix, which alerted me a little bit, and I hope, someone can explain those messages to me.
Feb 15 08:09:28 myhostname postfix/submission/smtpd[360942]: connect from fixed-187-190-157-212.totalplay.net[187.190.157.212]
Feb 15 08:09:44 myhostname postfix/submission/smtpd[360942]: warning: fixed-187-190-157-212.totalplay.net[187.190.157.212]: SASL PLAIN authentication failed: Connection lost to authentication server
Feb 15 08:09:45 myhostname postfix/submission/smtpd[360942]: disconnect from fixed-187-190-157-212.totalplay.net[187.190.157.212] ehlo=2 starttls=1 auth=0/1 quit=1 unknown=0/1 commands=4/6
Feb 15 08:09:49 myhostname dovecot[136388]: auth-worker(360945): sql(username,187.190.157.212): unknown user
Why am I seeing the warning "connection lost to authentication server"? This is a local setup, which means the authentication is being done via the unix-socket private/auth, which is being owned by the dovecot auth-worker. The userdb behind this is a local sqlite-database (since my server is small).
This means there is no communication outside localhost to authenticate - which is the reason why I believed that I should never see such a warning. Did the auth-worker process crash? (I doubt that, the same PID for dovecot auth-worker is inside the logs before and after that message)
Did the foreign guy (probably a botnet trying to send spam) manage to inject a foreign authentication server into my config? (this should be impossible, correct?)
Should I be worried?
