Question Firewall blocking plesk_saslauthd failed mail authentication attempt for user 'info' (password len=9)

[shopuser]

Server operating system version

Ubuntu 20.04.4 LTS

Plesk version and microupdate number

Plesk Obsidian Version 18.0.45

i have a nonstop this type from attacks,scannings:

Aug 14 07:13:39 server plesk_saslauthd[2529904]: failed mail authentication attempt for user 'info' (password len=9)
Aug 14 07:13:39 server postfix/smtpd[2529839]: warning: unknown[213.154.2.42]: SASL LOGIN authentication failed: authentication failure
Aug 14 07:13:40 server postfix/smtpd[2529839]: lost connection after AUTH from unknown[213.154.2.42]
Aug 14 07:13:40 server postfix/smtpd[2529839]: disconnect from unknown[213.154.2.42] ehlo=1 auth=0/1 commands=1/2

fail2ban catch all this ips, and block but what is this for a login ?
why is : "failed mail authentication attempt for user 'info' " all my mailadreess have a alias

how i can block this logins complete ?

in the firewall i have a rule on Plesk for SSH, FTP, IMAP-Server (for receive mail ) only with the subnet from my home internet and my local mobile provider,
i can receive my mails, SHH ,FTP only from this subnet ip area

 

[mow]

fail2ban catch all this ips, and block but what is this for a login ?

trying to SMTP AUTH to be able to send(relay) spam through your server

why is : "failed mail authentication attempt for user 'info' " all my mailadreess have a alias

but the attacker doesn't know that

how i can block this logins complete ?

You can't just block the smtp ports because that would block all incoming mail.

 

[Maarten.]

You could try fail2ban:

https://support.plesk.com/hc/en-us/articles/115002613513-Constant-failed-mail-authenticatication-entries-are-logged-in-mail-log-in-Plesk-server

 

[mow]

You could try fail2ban:

They do:

fail2ban catch all this ips, and block