postfix SASL Login

Discussion in 'ISPConfig 3 Priority Support' started by Tom John, Nov 7, 2020.

  1. Tom John

    Tom John Member HowtoForge Supporter

    Hi guys,
    in the mail logfile I can see:
    Code:
    warning: unknown[45.142.120.149]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Nov  7 20:04:19 server2 postfix/smtpd[23576]: disconnect from unknown[45.142.120.149] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
    Nov  7 20:04:19 server2 postfix/smtpd[23454]: connect from unknown[45.142.120.147]
    Nov  7 20:04:21 server2 postfix/smtpd[23466]: connect from unknown[45.142.120.209]
    Nov  7 20:04:24 server2 postfix/smtpd[23489]: connect from unknown[45.142.120.56]
    Nov  7 20:04:24 server2 postfix/smtpd[23755]: connect from unknown[45.142.120.15]
    Nov  7 20:04:25 server2 postfix/smtpd[23490]: warning: unknown[45.142.120.32]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Nov  7 20:04:25 server2 postfix/smtpd[23490]: disconnect from unknown[45.142.120.32] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
    Nov  7 20:04:26 server2 postfix/smtpd[23454]: warning: unknown[45.142.120.147]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Nov  7 20:04:27 server2 postfix/smtpd[23454]: disconnect from unknown[45.142.120.147] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
    Nov  7 20:04:28 server2 postfix/smtpd[23757]: connect from unknown[45.142.120.39]
    Nov  7 20:04:28 server2 postfix/smtpd[23501]: connect from unknown[45.142.120.192]
    Nov  7 20:04:28 server2 postfix/smtpd[23466]: warning: unknown[45.142.120.209]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Nov  7 20:04:28 server2 postfix/smtpd[23466]: disconnect from unknown[45.142.120.209] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
    Nov  7 20:04:31 server2 postfix/smtpd[23489]: warning: unknown[45.142.120.56]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Nov  7 20:04:31 server2 postfix/smtpd[23755]: warning: unknown[45.142.120.15]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Nov  7 20:04:31 server2 postfix/smtpd[23755]: disconnect from unknown[45.142.120.15] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
    Nov  7 20:04:31 server2 postfix/smtpd[23489]: disconnect from unknown[45.142.120.56] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
    
    
    Is it recommended to block the IP for SMTP temporarily or forever, or what action would you recommend?
    Thanks in advance for your help.
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I use Fail2Ban to automatically ban IPs with 5+ failed entries. However, on a mail server I would not set the bantime for this too high, because if a client changes the password they can have some failed logins as well. I have the recidive jail enabled to ban IPs that have been banned before for a longer time.
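
Added example, not part of either post and not ISPConfig or Fail2Ban code: a Python check over lines copied from the log excerpt above that counts failed SASL logins per source IP and per enclosing network, using the threshold of 5 from the reply. It goes slightly beyond the per-IP ban described there; the /24 and /64 grouping and all function names are assumptions of this example.

```python
import base64
import ipaddress
import re
from collections import Counter

# Lines copied from the log excerpt in the first post, embedded so this runs offline.
SAMPLE_LOG = """\
Nov  7 20:04:24 server2 postfix/smtpd[23489]: connect from unknown[45.142.120.56]
Nov  7 20:04:25 server2 postfix/smtpd[23490]: warning: unknown[45.142.120.32]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov  7 20:04:26 server2 postfix/smtpd[23454]: warning: unknown[45.142.120.147]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov  7 20:04:28 server2 postfix/smtpd[23466]: warning: unknown[45.142.120.209]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov  7 20:04:31 server2 postfix/smtpd[23489]: warning: unknown[45.142.120.56]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov  7 20:04:31 server2 postfix/smtpd[23755]: warning: unknown[45.142.120.15]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov  7 20:04:31 server2 postfix/smtpd[23755]: disconnect from unknown[45.142.120.15] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
"""

FAILED = re.compile(
    r"postfix/smtpd\[\d+\]: warning: \S+\[(?P<ip>[0-9A-Fa-f.:]+)\]: "
    r"SASL (?P<mech>\S+) authentication failed:\s*(?P<detail>\S*)"
)

def decode_detail(detail):
    """Decode the trailing base64 token of the warning; return it raw if it is not base64."""
    try:
        return base64.b64decode(detail, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return detail

def count_failures(log_text, v4_prefix=24, v6_prefix=64):
    """Count failed SASL logins per source IP and per enclosing network."""
    per_ip, per_net = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # connect/disconnect lines are not failures
        ip = ipaddress.ip_address(m.group("ip"))
        prefix = v4_prefix if ip.version == 4 else v6_prefix
        per_ip[str(ip)] += 1
        per_net[str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))] += 1
    return per_ip, per_net

def over_threshold(counts, threshold=5):
    """Keys with at least `threshold` failures (5 mirrors the '5+ failed entries' in the reply)."""
    return sorted(k for k, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    per_ip, per_net = count_failures(SAMPLE_LOG)
    print("token decodes to:", decode_detail("UGFzc3dvcmQ6"))
    print("IPs over threshold:", over_threshold(per_ip))
    print("networks over threshold:", over_threshold(per_net))
```

On this excerpt every address fails exactly once, so a per-IP threshold of 5 matches nothing while 45.142.120.0/24 reaches it. The token `UGFzc3dvcmQ6` in each warning is base64 for `Password:`.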
     
