• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question Firewall blocking plesk_saslauthd failed mail authentication attempt for user 'info' (password len=9)

S

shopuser

Basic Pleskian
Server operating system version
Ubuntu 20.04.4 LTS
Plesk version and microupdate number
Plesk Obsidian Version 18.0.45
i have a nonstop this type from attacks,scannings:

Aug 14 07:13:39 server plesk_saslauthd[2529904]: failed mail authentication attempt for user 'info' (password len=9)
Aug 14 07:13:39 server postfix/smtpd[2529839]: warning: unknown[213.154.2.42]: SASL LOGIN authentication failed: authentication failure
Aug 14 07:13:40 server postfix/smtpd[2529839]: lost connection after AUTH from unknown[213.154.2.42]
Aug 14 07:13:40 server postfix/smtpd[2529839]: disconnect from unknown[213.154.2.42] ehlo=1 auth=0/1 commands=1/2

fail2ban catch all this ips, and block but what is this for a login ?
why is : "failed mail authentication attempt for user 'info' " all my mailadreess have a alias

how i can block this logins complete ?

in the firewall i have a rule on Plesk for SSH, FTP, IMAP-Server (for receive mail ) only with the subnet from my home internet and my local mobile provider,
i can receive my mails, SHH ,FTP only from this subnet ip area
 
shopuser said:
fail2ban catch all this ips, and block but what is this for a login ?
Click to expand...
trying to SMTP AUTH to be able to send(relay) spam through your server
shopuser said:
why is : "failed mail authentication attempt for user 'info' " all my mailadreess have a alias
Click to expand...
but the attacker doesn't know that
shopuser said:
how i can block this logins complete ?
Click to expand...
You can't just block the smtp ports because that would block all incoming mail.
 
You must log in or register to reply here.

Similar threads

wakabayashi
Resolved Fail2Ban - Postfix not working for SASL (bug?)
Replies
4
Views
1K
mizar
mizar
A
Question Warnings in mail log [SASL LOGIN authentication failed]
Replies
1
Views
2K
Peter Debik
P
wakabayashi
Question SMTP Firewall - is it possible to block brutforce attacks?
Replies
3
Views
584
Vladimir C.
V
J
Resolved 25: Connection timed out - Almalinux 9.4 x86_64 | 18.0.61.1
Replies
2
Views
2K
josemanuuxd
J
EnriqueR
Question Incoming mail is stored in Junk folder
Replies
6
Views
854
EnriqueR
EnriqueR
Back
Top