• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question plesk_saslauthd - Attack, no IP seen

G

Gjimi

New Pleskian
Server operating system version
Debian 10
Plesk version and microupdate number
18.0.59
plesk_saslauthd is under attack, there are thousands of the:

plesk_saslauthd[17936]: No such user '[email protected]' in mail authorization database
plesk_saslauthd[17936]: failed mail authentication attempt for user '[email protected]' (password len=13)

in the logs.
(just something)

no IP to see no further information.
 
The plesk_saslauthd log entires are accompanied by postfix/smtpd log entires. These do contain the IP address from which the login attempt is made.

Looks something like this
Scherm­afbeelding 2024-04-11 om 10.47.10.png
 
just none! otherwise the IP would have been blocked or Fail2Ban does it, but he can't because no IP can be seen, I wrote.

Apr 11 15:43:39 96 plesk_saslauthd[14952]: No such user '[email protected]' in mail authorization database
Apr 11 15:43:39 96 plesk_saslauthd[14952]: failed mail authentication attempt for user '[email protected]' (password len=6)
Apr 11 15:43:42 96 plesk_saslauthd[14952]: No such user '[email protected]' in mail authorization database
Apr 11 15:43:42 96 plesk_saslauthd[14952]: failed mail authentication attempt for user '[email protected]' (password len=6)
Apr 11 15:43:42 96 plesk_saslauthd[14952]: No such user '[email protected]' in mail authorization database
Apr 11 15:43:42 96 plesk_saslauthd[14952]: failed mail authentication attempt for user '[email protected]' (password len=6)
Apr 11 15:43:43 96 plesk_saslauthd[14952]: No such user '[email protected]' in mail authorization database
Apr 11 15:43:43 96 plesk_saslauthd[14952]: failed mail authentication attempt for user '[email protected]' (password len=13)
Apr 11 15:43:45 96 plesk_saslauthd[14952]: No such user '[email protected]' in mail authorization database
Apr 11 15:43:45 96 plesk_saslauthd[14952]: failed mail authentication attempt for user '[email protected]' (password len=13)
Apr 11 15:43:45 96 plesk_saslauthd[14952]: No such user '[email protected]' in mail authorization database
Apr 11 15:43:45 96 plesk_saslauthd[14952]: failed mail authentication attempt for user '[email protected]' (password len=9)
Apr 11 15:43:45 96 plesk_saslauthd[14952]: No such user '[email protected]' in mail authorization database
Apr 11 15:43:45 96 plesk_saslauthd[14952]: failed mail authentication attempt for user '[email protected]' (password len=9)
Apr 11 15:43:45 96 plesk_saslauthd[14952]: No such user '[email protected]' in mail authorization database
Apr 11 15:43:45 96 plesk_saslauthd[14952]: failed mail authentication attempt for user '[email protected]' (password len=9)
Apr 11 15:43:50 96 plesk_saslauthd[14952]: No such user '[email protected]' in mail authorization database
Apr 11 15:43:50 96 plesk_saslauthd[14952]: failed mail authentication attempt for user '[email protected]' (password len=13)
Apr 11 15:43:51 96 plesk_saslauthd[14952]: No such user '[email protected]' in mail authorization database
Apr 11 15:43:51 96 plesk_saslauthd[14952]: failed mail authentication attempt for user '[email protected]' (password len=13)

and just keep it up, nothing different
 
Interesting. I don't know why that is. Best suggestion I can offer is to contact Plesk support to let them investigate the issue.
 
You must log in or register to reply here.

Similar threads

A
Question Warnings in mail log [SASL LOGIN authentication failed]
Replies
1
Views
428
Peter Debik
P
O
Resolved Brute Force Attack
Replies
9
Views
2K
Maarten.
M
S
Question Firewall blocking plesk_saslauthd failed mail authentication attempt for user 'info' (password len=9)
Replies
3
Views
2K
mow
M
B
Resolved no SASL authentication mechanisms
2
Replies
21
Views
5K
bork
B
A
Question Spam attack in postfix log file
Replies
13
Views
3K
mow
M
Back
Top