• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • (Plesk for Windows):
    MySQL Connector/ODBC 3.51, 5.1, and 5.3 are no longer shipped with Plesk because they have reached end of life. MariaDB Connector/ODBC 64-bit 3.2.4 is now used instead.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Question Firewall blocking plesk_saslauthd failed mail authentication attempt for user 'info' (password len=9)

S

shopuser

Basic Pleskian
Server operating system version
Ubuntu 20.04.4 LTS
Plesk version and microupdate number
Plesk Obsidian Version 18.0.45
i have a nonstop this type from attacks,scannings:

Aug 14 07:13:39 server plesk_saslauthd[2529904]: failed mail authentication attempt for user 'info' (password len=9)
Aug 14 07:13:39 server postfix/smtpd[2529839]: warning: unknown[213.154.2.42]: SASL LOGIN authentication failed: authentication failure
Aug 14 07:13:40 server postfix/smtpd[2529839]: lost connection after AUTH from unknown[213.154.2.42]
Aug 14 07:13:40 server postfix/smtpd[2529839]: disconnect from unknown[213.154.2.42] ehlo=1 auth=0/1 commands=1/2

fail2ban catch all this ips, and block but what is this for a login ?
why is : "failed mail authentication attempt for user 'info' " all my mailadreess have a alias

how i can block this logins complete ?

in the firewall i have a rule on Plesk for SSH, FTP, IMAP-Server (for receive mail ) only with the subnet from my home internet and my local mobile provider,
i can receive my mails, SHH ,FTP only from this subnet ip area
 
shopuser said:
fail2ban catch all this ips, and block but what is this for a login ?
Click to expand...
trying to SMTP AUTH to be able to send(relay) spam through your server
shopuser said:
why is : "failed mail authentication attempt for user 'info' " all my mailadreess have a alias
Click to expand...
but the attacker doesn't know that
shopuser said:
how i can block this logins complete ?
Click to expand...
You can't just block the smtp ports because that would block all incoming mail.
 
You must log in or register to reply here.

Similar threads

wakabayashi
Resolved Fail2Ban - Postfix not working for SASL (bug?)
Replies
4
Views
959
mizar
mizar
A
Question Warnings in mail log [SASL LOGIN authentication failed]
Replies
1
Views
2K
Peter Debik
P
wakabayashi
Question SMTP Firewall - is it possible to block brutforce attacks?
Replies
3
Views
447
Vladimir C.
V
J
Resolved 25: Connection timed out - Almalinux 9.4 x86_64 | 18.0.61.1
Replies
2
Views
2K
josemanuuxd
J
EnriqueR
Question Incoming mail is stored in Junk folder
Replies
6
Views
632
EnriqueR
EnriqueR
Back
Top