postfix SASL Login

Discussion in 'ISPConfig 3 Priority Support' started by Tom John, Nov 7, 2020.

  1. Tom John

    Tom John Member HowtoForge Supporter

    Hi guys,
    in the mail log file I can see:
    Code:
    warning: unknown[45.142.120.149]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Nov  7 20:04:19 server2 postfix/smtpd[23576]: disconnect from unknown[45.142.120.149] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
    Nov  7 20:04:19 server2 postfix/smtpd[23454]: connect from unknown[45.142.120.147]
    Nov  7 20:04:21 server2 postfix/smtpd[23466]: connect from unknown[45.142.120.209]
    Nov  7 20:04:24 server2 postfix/smtpd[23489]: connect from unknown[45.142.120.56]
    Nov  7 20:04:24 server2 postfix/smtpd[23755]: connect from unknown[45.142.120.15]
    Nov  7 20:04:25 server2 postfix/smtpd[23490]: warning: unknown[45.142.120.32]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Nov  7 20:04:25 server2 postfix/smtpd[23490]: disconnect from unknown[45.142.120.32] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
    Nov  7 20:04:26 server2 postfix/smtpd[23454]: warning: unknown[45.142.120.147]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Nov  7 20:04:27 server2 postfix/smtpd[23454]: disconnect from unknown[45.142.120.147] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
    Nov  7 20:04:28 server2 postfix/smtpd[23757]: connect from unknown[45.142.120.39]
    Nov  7 20:04:28 server2 postfix/smtpd[23501]: connect from unknown[45.142.120.192]
    Nov  7 20:04:28 server2 postfix/smtpd[23466]: warning: unknown[45.142.120.209]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Nov  7 20:04:28 server2 postfix/smtpd[23466]: disconnect from unknown[45.142.120.209] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
    Nov  7 20:04:31 server2 postfix/smtpd[23489]: warning: unknown[45.142.120.56]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Nov  7 20:04:31 server2 postfix/smtpd[23755]: warning: unknown[45.142.120.15]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Nov  7 20:04:31 server2 postfix/smtpd[23755]: disconnect from unknown[45.142.120.15] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
    Nov  7 20:04:31 server2 postfix/smtpd[23489]: disconnect from unknown[45.142.120.56] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
    
    
    Is it recommended to block the IP for SMTP temporarily or forever, or what action would you recommend?
    Thanks in advance for your help.
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I use Fail2Ban to automatically ban IPs with 5+ failed entries. However, on a mail server I would not set the bantime for this too high, because if a client changes the password they can have some failed logins as well. I have the recidive jail enabled to ban IPs that have been banned before for a longer time.
     
  3. mrbronz

    mrbronz Member HowtoForge Supporter

    How do you do this?
     
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Install Fail2Ban and enable the postfix-sasl jail in the jail.local file. Then restart Fail2Ban.
     
  5. mrbronz

    mrbronz Member HowtoForge Supporter

    Thank you, I was being lazy and have just read the Fail2ban manual, sorry.
    Just for the information of anyone else reading this, the most important file is probably the jail.conf
    nano /etc/fail2ban/jail.conf
    However, its default settings are adequate for most purposes.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    If you have followed the ISPConfig installation instructions (perfect server guide), then fail2ban is already installed and configured.
     
  7. mrbronz

    mrbronz Member HowtoForge Supporter

    Hi Till
    Yes indeed I have, but I thought it might be a setting I could tweak to make my server a little more secure, but the perfect server I followed already has the optimal settings.
    The perfect server series of howtos are indeed comprehensive.
    I would recommend anyone wanting to learn about installing servers use them; they will teach you so much.
     
  8. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    You should put your changes in jail.local, not jail.conf.
     
  9. mrbronz

    mrbronz Member HowtoForge Supporter

    Thanks for that, yes, it states that in the manual.
    The jail.conf takes precedence over jail.local, so it stands to reason to put any changes in the jail.local.
     
