De tempos em tempos, meu servidor de e-mail para de enviar novos e-mails, e sempre que encontro o log de erros de extração,
Jun 22 23:10:18 myserver saslauthd[3967]: DEBUG: auth_pam: pam_authenticate failed: Memory buffer error
Jun 22 23:10:18 myserver saslauthd[3971]: DEBUG: auth_pam: pam_authenticate failed: Memory buffer error
Jun 22 23:10:19 myserver saslauthd[3972]: DEBUG: auth_pam: pam_authenticate failed: Memory buffer error
Jun 22 23:10:19 myserver saslauthd[3968]: DEBUG: auth_pam: pam_authenticate failed: Memory buffer error
Jun 22 23:10:20 myserver saslauthd[3969]: DEBUG: auth_pam: pam_authenticate failed: Memory buffer error
Jun 22 23:10:20 myserver saslauthd[3967]: DEBUG: auth_pam: pam_authenticate failed: Memory buffer error
Jun 22 23:10:21 myserver saslauthd[3971]: DEBUG: auth_pam: pam_authenticate failed: Memory buffer error
Jun 22 23:10:21 myserver saslauthd[3972]: DEBUG: auth_pam: pam_authenticate failed: Memory buffer error
Jun 22 23:10:22 myserver saslauthd[3971]: DEBUG: auth_pam: pam_authenticate failed: Memory buffer error
Toda vez que eu tenho que reiniciar meu servidor para funcionar normalmente novamente
Eu também sempre encontro o log de erro repetitivo abaixo de IPs desconhecidos (não tenho certeza se está relacionado ou não):
Jun 21 06:48:43 myserver sshd[1687]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=************ user=root
Jun 21 06:48:45 myserver sshd[1708]: Failed password for root from ######## port 60021 ssh2
Jun 21 06:48:47 myserver sshd[1708]: Failed password for root from ######## port 60021 ssh2
Jun 21 06:48:47 myserver sshd[1708]: Received disconnect from #######: 11: [preauth]
Jun 21 06:48:47 myserver sshd[1708]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=************ user=root
Jun 21 06:48:47 myserver sshd[1730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=************ user=root
Jun 21 06:48:48 myserver sshd[1732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost============= user=root
Jun 21 06:48:48 myserver sshd[1730]: Failed password for root from ************ port 60094 ssh2
Jun 21 06:48:50 myserver sshd[1732]: Failed password for root from ============ port 40613 ssh2
Jun 21 06:48:50 myserver sshd[1730]: Failed password for root from ************ port 60094 ssh2
Jun 21 06:48:50 myserver sshd[1734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=************ user=root
Jun 21 06:48:52 myserver sshd[1736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=************ user=root
Jun 21 06:48:52 myserver sshd[1732]: Failed password for root from ============ port 40613 ssh2
Jun 21 06:48:52 myserver sshd[1730]: Failed password for root from ************ port 60094 ssh2
Jun 21 06:48:52 myserver sshd[1730]: Received disconnect from ***********: 11: [preauth]
Jun 21 06:48:52 myserver sshd[1730]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=*********** user=root
Jun 21 06:48:52 myserver sshd[1734]: Failed password for root from ######## port 47803 ssh2
Jun 21 06:48:54 myserver sshd[1736]: Failed password for root from ######## port 55371 ssh2
Jun 21 06:48:54 myserver sshd[1732]: Failed password for root from ============ port 40613 ssh2
De acordo com o link O saslauthd pára de funcionar após uma certa quantidade de logins (bem-sucedida e / ou falha).
Você não precisa reiniciar o servidor inteiro, o seguinte é suficiente: service saslauthd restart
Você pode colocar isso em um crontab. Se muitos logins forem originados do mesmo IP mal-intencionado, você poderá descartar a solicitação desse IP no firewall para que o saslauthd dure mais tempo, por exemplo, iptables -A INPUT -s 185.29.11.6 -j DROP