HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


thabangk 6th November 2012 09:40

SASL LOGIN authentication failed
 
Hi All

I have installed ISPConfig 3 on CentOS 6.3
with Dovecot installed and used the link below for installation:
http://www.howtoforge.com/perfect-se...ispconfig-3-p5
Everything seems to be fine and working, but I am more worried about finding something like this in the maillog:

57264:Nov 6 10:02:45 mailserver postfix/smtpd[5198]: warning: unknown[110.52.2.13]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
57270:Nov 6 10:02:53 mailserver postfix/smtpd[5198]: warning: unknown[110.52.2.13]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
57439:Nov 6 10:15:35 mailserver postfix/smtpd[5595]: warning: unknown[115.63.10.43]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
57446:Nov 6 10:16:02 mailserver postfix/smtpd[5595]: warning: unknown[115.63.10.43]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
57456:Nov 6 10:16:20 mailserver postfix/smtpd[5595]: warning: unknown[115.63.10.43]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
57463:Nov 6 10:16:31 mailserver postfix/smtpd[5595]: warning: unknown[115.63.10.43]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
57471:Nov 6 10:16:50 mailserver postfix/smtpd[5595]: warning: unknown[110.52.0.169]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

I configured fail2ban, and it manages to block IPs using postfix, but the SASL ones are not blocked. Please see my jail.conf below.
[postfix]

enabled = true
filter = postfix
action = iptables[name=SMTP, port=smtp, protocol=tcp]
         sendmail[name=Postfix, dest=name@domain.com]
logpath = /var/log/maillog
maxretry = 2
bantime = 3000000000

[postfix-tcpwrapper]

enabled = true
filter = postfix
action = hostsdeny[file=/not/a/standard/path/hosts.deny]
         sendmail[name=Postfix, dest=name@domain.com]
logpath = /var/log/postfix.log
bantime = 3000

[sasl]

enabled = true
port = smtp
filter = sasl
action = iptables[name=SMTP, port=smtp,smtpd, protocol=tcp]
         sendmail[name=sasl, dest=name@domain.com]
logpath = /var/log/mail.log
maxretry = 1

I tried all these regular expressions in sasl.conf so that I can block the IP that attempts this login:

#failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed: authentication failure (: [A-Za-z0-9+/]*={0,2})?
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?

But still no luck. Can someone please assist?
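
Added example, not part of the original post: a Python check that runs the two failregex values quoted above against the seven maillog lines from the post, counts matches per source address, and decodes the trailing token. The `HOST` pattern is an assumed IPv4-only stand-in for fail2ban's `<HOST>` tag, the function names are hypothetical, and `findtime` is ignored.

```python
import base64
import re
from collections import Counter

# The seven maillog entries from the post, rebuilt without the grep line-number prefix.
EVENTS = [
    ("10:02:45", 5198, "110.52.2.13"), ("10:02:53", 5198, "110.52.2.13"),
    ("10:15:35", 5595, "115.63.10.43"), ("10:16:02", 5595, "115.63.10.43"),
    ("10:16:20", 5595, "115.63.10.43"), ("10:16:31", 5595, "115.63.10.43"),
    ("10:16:50", 5595, "110.52.0.169"),
]
LOG_LINES = [
    f"Nov 6 {t} mailserver postfix/smtpd[{pid}]: warning: unknown[{ip}]: "
    "SASL LOGIN authentication failed: UGFzc3dvcmQ6"
    for t, pid, ip in EVENTS
]

# The two failregex values from the post's sasl.conf, unchanged.
COMMENTED_OUT = (r"(?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) "
                 r"authentication failed: authentication failure (: [A-Za-z0-9+/]*={0,2})?")
ACTIVE = (r"(?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) "
          r"authentication failed(: [A-Za-z0-9+/]*={0,2})?")

# Assumption: IPv4-only stand-in for fail2ban's <HOST> tag, which also accepts hostnames.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

def failures_per_host(failregex, lines):
    """Count the lines each source address contributes under one failregex."""
    pattern = re.compile(failregex.replace("<HOST>", HOST))
    hits = Counter()
    for line in lines:
        match = pattern.search(line)
        if match:
            hits[match.group("host")] += 1
    return hits

def hosts_reaching(failregex, lines, maxretry):
    """Addresses whose match count reaches maxretry (findtime is ignored here)."""
    counts = failures_per_host(failregex, lines)
    return sorted(host for host, n in counts.items() if n >= maxretry)

def decode_trailer(line):
    """Base64-decode the token that follows 'authentication failed: '."""
    return base64.b64decode(line.rsplit(": ", 1)[1]).decode("ascii")

if __name__ == "__main__":
    for name, rx in (("commented-out", COMMENTED_OUT), ("active", ACTIVE)):
        print(name, dict(failures_per_host(rx, LOG_LINES)))
    print("reach maxretry=1:", hosts_reaching(ACTIVE, LOG_LINES, 1))
    print("trailer:", decode_trailer(LOG_LINES[0]))
```

The active pattern matches every sample line, so the pattern itself is unlikely to be what stops the [sasl] jail; the lines come from the maillog, the [postfix] jail reads /var/log/maillog, and the [sasl] jail reads /var/log/mail.log. The trailing UGFzc3dvcmQ6 is the base64 text "Password:", the LOGIN mechanism's prompt, not a credential.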

falko 8th November 2012 15:46

If you use Dovecot, there should be no saslauthd running because authentication is handled by Dovecot. Or do you use Courier instead?

misuv 1st May 2014 20:19

I have the same problem
 
Quote:

Originally Posted by falko (Post 288037)
If you use Dovecot, there should be no saslauthd running because authentication is handled by Dovecot. Or do you use Courier instead?

I have the same problem.

In /etc/postfix/main.cf I have:

Code:

smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes

Should I turn them off?

Thanks


All times are GMT +2.