Issue Postfix and SASL error

[Aaronk]

It is a vserver from the hoster Host Europe, Operating system CentOS 7, Plesk
Obsidian Web Admin Edition Version 18.0.31 Update Nr. 1

I logged in user root. What I have to do, to fix the Problem?

[root@vserver ~]# systemctl status postfix.service
● postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
  Drop-In: /usr/lib/systemd/system/postfix.service.d
           └─respawn.conf
   Active: active (running) since Sat 2020-11-28 19:08:11 UTC; 14h ago
 Main PID: 866 (master)
   CGroup: /system.slice/postfix.service
           ├─  866 /usr/libexec/postfix/master -w
           ├─  878 qmgr -l -t fifo -u
           ├─  912 tlsmgr -l -t unix -u
           ├─  913 anvil -l -t unix -u
           ├─  914 plesk_saslauthd -l -t unix -u status=5 listen=6 dbpath=/var/spool/postfix/plesk/passwd.db
           ├─ 1580 pickup -l -t fifo -u
           ├─ 8850 smtpd -n smtp -t inet -u -o stress= -s 2
           ├─ 8861 smtpd -n smtp -t inet -u -o stress= -s 2
           ├─ 8870 smtpd -n smtp -t inet -u -o stress= -s 2
           ├─ 8908 smtpd -n smtp -t inet -u -o stress= -s 2
           ├─ 8914 smtpd -n smtp -t inet -u -o stress= -s 2
           ├─ 8921 smtpd -n smtp -t inet -u -o stress= -s 2
           ├─ 9005 smtpd -n smtp -t inet -u -o stress= -s 2
           ├─ 9008 smtpd -n smtp -t inet -u -o stress= -s 2
           ├─ 9120 smtpd -n smtp -t inet -u -o stress= -s 2
           ├─ 9782 smtpd -n smtp -t inet -u -o stress= -s 2
           └─10277 spawn -n 127.0.0.1:12346 -t inet user=popuser popuser argv=/usr/lib64/plesk-9.0/postfix-srs


Nov 29 09:57:30 vserver.examle.com postfix/smtpd[9120]: warning: unknown[45.142.120.93]: SASL LOGIN authentication failed: authentication failure
Nov 29 09:57:30 vserver.examle.com postfix/smtpd[9120]: disconnect from unknown[45.142.120.93] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Nov 29 09:57:33 vserver.examle.com postfix/smtpd[8908]: connect from unknown[45.142.120.93]
Nov 29 09:57:33 vserver.examle.com plesk_saslauthd[914]: No such user '[email protected]' in mail authorization database
Nov 29 09:57:33 vserver.examle.com plesk_saslauthd[914]: failed mail authentication attempt for user '[email protected]' (password len=4)
Nov 29 09:57:33 vserver.examle.com postfix/smtpd[8908]: warning: unknown[45.142.120.93]: SASL LOGIN authentication failed: authentication failure
Nov 29 09:57:33 vserver.examle.com postfix/smtpd[8908]: disconnect from unknown[45.142.120.93] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Nov 29 09:57:33 vserver.examle.com postfix/smtpd[9008]: connect from unknown[45.142.120.93]
Nov 29 09:57:34 vserver.examle.com postfix/smtpd[8870]: connect from unknown[45.142.120.93]
Nov 29 09:57:36 vserver.examle.com postfix/smtpd[9782]: connect from unknown[45.142.120.93]

 

[Bitpalast]

I cannot see any problem. The service is up and it looks like it is doing what it ought to do. What problem are you referring to?

Are you asking why the failed login attempts are logged and how to stop these? Such failed logins are normal. Servers are targeted by hackers 24/7 with thousands of such login attempts. If you want to block part of them, I recommend to activate the postfix, postfix-sasl, dovecot and recidive jails in Tools & Settings > Security > IP Address Banning (Fail2Ban). That will block the attacker ips after n failures.