Facebook
Twitter
- Server operating system version
- Ubuntu 22.04.1 LTS
- Plesk version and microupdate number
- Plesk Obsidian Version 18.0.49
Hello Community,
I try to ban user with too many SASL authentication failures, the jail plesk-postfix does not seem to do this out of the box - at least I find a lot of tries in the maillog but no IP in its jail. There might be several reasons. First I'm a bit confused because I find a jail named 'plesk-postfix' but if I click on 'manage filters' there is only a jail named "postfix' - do they belong together? If not it would be interesting where to find the filter management of plesk-postfix. If so I guess the problem might result from the lines
mdpr-auth = warning:
mdre-auth = ^[^[]*\[<HOST>\]%(_port)s: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed
?! Connection lost to authentication server| Invalid authentication mechanism)
mdre-auth2 = ^[^[]*\[<HOST>\]%(_port)s: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed?! Connection lost to authentication server)
that look similar but not exactly like the entries in my maillog that are always written as:
warning: unknown[xxx.xxx.xxx.xxx]: SASL LOGIN authentication failed: authentication failure
Is it possible to make it work replacing 'Connection lost to authentication server' with 'authentication failure' or must there be other modifications anywhere?
thanks, Uwe
I try to ban user with too many SASL authentication failures, the jail plesk-postfix does not seem to do this out of the box - at least I find a lot of tries in the maillog but no IP in its jail. There might be several reasons. First I'm a bit confused because I find a jail named 'plesk-postfix' but if I click on 'manage filters' there is only a jail named "postfix' - do they belong together? If not it would be interesting where to find the filter management of plesk-postfix. If so I guess the problem might result from the lines
mdpr-auth = warning:
mdre-auth = ^[^[]*\[<HOST>\]%(_port)s: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed
?! Connection lost to authentication server| Invalid authentication mechanism)mdre-auth2 = ^[^[]*\[<HOST>\]%(_port)s: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed
?! Connection lost to authentication server)that look similar but not exactly like the entries in my maillog that are always written as:
warning: unknown[xxx.xxx.xxx.xxx]: SASL LOGIN authentication failed: authentication failure
Is it possible to make it work replacing 'Connection lost to authentication server' with 'authentication failure' or must there be other modifications anywhere?
thanks, Uwe
