Facebook
Twitter
Cristian Rodriguez
New Pleskian
What is the goal of this line inside postfix/main.cf?
plesk_saslauthd unix y y n - 1 plesk_saslauthd status=5 listen=6 dbpath=/var/spool/postfix/plesk/passwd.db
i have notice today about a brute force attack, i had installed Fail2ban but it is not banning this attemps so i saw that this attemps were related to one process PID asociated with plesk_saslauthd after looking for a response in internet i did not find any important related with this issue. I went to postfix/master.cf and i saw this line that is the same appearing in the PID details, i deleted this line from the file and now these attemps disappeared from /var/log/maillog.
My questions what this line do? is this important and why is it there?
What call to my atenttion is that normal attemps are managed througth postfix/smtp not througth plesk_saslauthd, so i guess this attemps come from an script in a subscriition inside my server. email server is workin correctly so maybe i do not need to add this line in postfix/master.cf
Log from maillog
20:04:34 mail plesk_saslauthd[23595]: failed mail authentication attempt for user '[email protected]' (password len=13)
[root@mail xxxxx.xxx]# ps aux | grep 23595
postfix 23595 0.0 0.0 94764 5100 ? S 17:26 0:01 plesk_saslauthd -l -t unix -u status=5 listen=6 dbpath=/var/spool/postfix/plesk/passwd.db
UPDATE
After disable this line this logs are shown, may be the same login attempts
Jun 4 21:14:54 mail postfix/smtpd[20834]: warning: SASL authentication failure: cannot connect to saslauthd server: Connection refused
It seems it solved the problem
plesk_saslauthd unix y y n - 1 plesk_saslauthd status=5 listen=6 dbpath=/var/spool/postfix/plesk/passwd.db
i have notice today about a brute force attack, i had installed Fail2ban but it is not banning this attemps so i saw that this attemps were related to one process PID asociated with plesk_saslauthd after looking for a response in internet i did not find any important related with this issue. I went to postfix/master.cf and i saw this line that is the same appearing in the PID details, i deleted this line from the file and now these attemps disappeared from /var/log/maillog.
My questions what this line do? is this important and why is it there?
What call to my atenttion is that normal attemps are managed througth postfix/smtp not througth plesk_saslauthd, so i guess this attemps come from an script in a subscriition inside my server. email server is workin correctly so maybe i do not need to add this line in postfix/master.cf
Log from maillog
20:04:34 mail plesk_saslauthd[23595]: failed mail authentication attempt for user '[email protected]' (password len=13)
[root@mail xxxxx.xxx]# ps aux | grep 23595
postfix 23595 0.0 0.0 94764 5100 ? S 17:26 0:01 plesk_saslauthd -l -t unix -u status=5 listen=6 dbpath=/var/spool/postfix/plesk/passwd.db
UPDATE
After disable this line this logs are shown, may be the same login attempts
Jun 4 21:14:54 mail postfix/smtpd[20834]: warning: SASL authentication failure: cannot connect to saslauthd server: Connection refused
It seems it solved the problem
Last edited:
