Facebook
Twitter
finbarr69
Basic Pleskian
I'm scratching my head over this one. Only one of many many users I have is getting blocked from sending emails by Fail2ban. I regularly have to unblock his (dynamic) IP address. Thinking it was a rogue email account in his mobile phone, I checked but found nothing wrong. So, invesitgating the logs I see...
(logs anonymised)
Feb 18 18:04:46 mail postfix/smtpd[18901]: connect from my_client_hostname[my_client_ip_address]
Feb 18 18:04:46 mail postfix/smtpd[18901]: warning: SASL authentication failure: realm changed: authentication aborted
Feb 18 18:04:46 mail postfix/smtpd[18901]: warning: my_client_hostname[my_client_ip_address]: SASL DIGEST -MD5 authentication failed: authentication failure
Feb 18 18:04:46 mail postfix/smtpd[18901]: B77EC267EA: client=my_client_hostname[my_client_ip_address], sasl_method=LOGIN, sasl_username=my_client_email_address
Feb 18 18:04:46 mail postfix/cleanup[18300]: B77EC267EA: message-id=<007801d16a76$db31e360$9195aa20$@my_client_domain>
Feb 18 18:04:52 mail /usr/lib64/plesk-9.0/psa-pc-remote[4585]: handlers_stderr: SKIP
Feb 18 18:04:52 mail /usr/lib64/plesk-9.0/psa-pc-remote[4585]: SKIP during call 'check-quota' handler
Feb 18 18:04:52 mail postfix/qmgr[7088]: B77EC267EA: from=<my_client_email_address>, size=600413, nrcpt=1 (queue active)
Feb 18 18:04:52 mail postfix/smtpd[18335]: connect from my_server_name [127.0.0.1]
So you can see
warning: SASL authentication failure: realm changed: authentication aborted
but then he manages successfully to send an email.
So it looks like his email client is using some authentication method that doesn't work initially, and then his email client tries a different authentication method that works ok. His email client is Microsoft Outlook 2013
I believe the SASL authentication failure message is the reason he is getting blocked by Fail2Ban, despite the success in sending the email a few seconds later.
Can anyone shed any light on what Outlook is doing wrong that causes the "realm changed" message? Presumably in the Outlook SMTP settings, something is wrong?
Thanks
Brian
(logs anonymised)
Feb 18 18:04:46 mail postfix/smtpd[18901]: connect from my_client_hostname[my_client_ip_address]
Feb 18 18:04:46 mail postfix/smtpd[18901]: warning: SASL authentication failure: realm changed: authentication aborted
Feb 18 18:04:46 mail postfix/smtpd[18901]: warning: my_client_hostname[my_client_ip_address]: SASL DIGEST -MD5 authentication failed: authentication failure
Feb 18 18:04:46 mail postfix/smtpd[18901]: B77EC267EA: client=my_client_hostname[my_client_ip_address], sasl_method=LOGIN, sasl_username=my_client_email_address
Feb 18 18:04:46 mail postfix/cleanup[18300]: B77EC267EA: message-id=<007801d16a76$db31e360$9195aa20$@my_client_domain>
Feb 18 18:04:52 mail /usr/lib64/plesk-9.0/psa-pc-remote[4585]: handlers_stderr: SKIP
Feb 18 18:04:52 mail /usr/lib64/plesk-9.0/psa-pc-remote[4585]: SKIP during call 'check-quota' handler
Feb 18 18:04:52 mail postfix/qmgr[7088]: B77EC267EA: from=<my_client_email_address>, size=600413, nrcpt=1 (queue active)
Feb 18 18:04:52 mail postfix/smtpd[18335]: connect from my_server_name [127.0.0.1]
So you can see
warning: SASL authentication failure: realm changed: authentication aborted
but then he manages successfully to send an email.
So it looks like his email client is using some authentication method that doesn't work initially, and then his email client tries a different authentication method that works ok. His email client is Microsoft Outlook 2013
I believe the SASL authentication failure message is the reason he is getting blocked by Fail2Ban, despite the success in sending the email a few seconds later.
Can anyone shed any light on what Outlook is doing wrong that causes the "realm changed" message? Presumably in the Outlook SMTP settings, something is wrong?
Thanks
Brian
