Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 6th November 2012, 09:40
thabangk thabangk is offline
Member
 
Join Date: Sep 2009
Posts: 49
Thanks: 0
Thanked 0 Times in 0 Posts
Lightbulb SASL LOGIN authentication failed

Hi All

I have installed ISCConfig 3 on Centos 6.3
with dovecot installed and used the below link for installation :
http://www.howtoforge.com/perfect-se...ispconfig-3-p5
and everything seems to be fine and working but I am more worried about finding something like this in the maillog:

57264:Nov 6 10:02:45 mailserver postfix/smtpd[5198]: warning: unknown[110.52.2.13]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
57270:Nov 6 10:02:53 mailserver postfix/smtpd[5198]: warning: unknown[110.52.2.13]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
57439:Nov 6 10:15:35 mailserver postfix/smtpd[5595]: warning: unknown[115.63.10.43]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
57446:Nov 6 10:16:02 mailserver postfix/smtpd[5595]: warning: unknown[115.63.10.43]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
57456:Nov 6 10:16:20 mailserver postfix/smtpd[5595]: warning: unknown[115.63.10.43]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
57463:Nov 6 10:16:31 mailserver postfix/smtpd[5595]: warning: unknown[115.63.10.43]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
57471:Nov 6 10:16:50 mailserver postfix/smtpd[5595]: warning: unknown[110.52.0.169]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

and i configured fail2ban, it manages to block IP's using postfix but the SASL are not blocked, please see my jail.conf below.
[postfix]

enabled = true
filter = postfix
action = iptables[name=SMTP, port=smtp, protocol=tcp]
sendmail[name=Postfix, dest=name@domain.com]
logpath = /var/log/maillog
maxretry = 2
bantime = 3000000000

[postfix-tcpwrapper]

enabled = true
filter = postfix
action = hostsdeny[file=/not/a/standard/path/hosts.deny]
sendmail[name=Postfix, dest=name@domain.com]
logpath = /var/log/postfix.log
bantime = 3000

[sasl]

enabled = true
port = smtp
filter = sasl
action = iptables[name=SMTP, port=smtp,smtpd, protocol=tcp]
sendmail[name=sasl, dest=name@domain.com]
logpath = /var/log/mail.log
maxretry = 1

I tried all this regular expressions in sasl.conf so that i can block the IP that attempts this login

#failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed: authentication failure (: [A-Za-z0-9+/]*={0,2})?
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?

but still no luck. can someone please assist.
Reply With Quote
Sponsored Links
 

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
SASL LOGIN authentication failed Captain Installation/Configuration 4 13th March 2012 20:07
Need help with ISPConfig Mail and Squirrelmail m.xander Installation/Configuration 109 3rd February 2012 00:15
Fail2ban + sasl problem and Solution pititis General 1 2nd March 2011 07:02
Cannot login to SquirrelMail sellotape Installation/Configuration 13 26th October 2010 11:03
Systemimager (rsync) doesn't copy all comedit HOWTO-Related Questions 11 19th January 2007 17:17


All times are GMT +2. The time now is 10:25.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.