SASL LOGIN authentication failed

Discussion in 'Server Operation' started by LinuxPete, Jan 18, 2011.

  1. LinuxPete

    LinuxPete Member

    I checked my maillog today and I am getting thousands of "SASL LOGIN authentication failed" from comcast in Seattle.

    postfix/smtpd[29140]: warning:[]: SASL LOGIN authentication failed:

    I've tried to block that ip with:
    iptables -A INPUT -s -j DROP
    iptables -A INPUT -s -p tcp --destination-port 80 -j DROP

    but I still see login failures.

    I did a google and is listed in one black list.

    I only have about 5-10 virt email users that I forward any necessary mail.
    So who ever this is should not be trying to get in my system.

    Is there anything else I can do?

  2. Torsson

    Torsson Member

    I had the same problem but with:[]: SASL LOGIN authentication failed: authentication failure.

    I think we need to put some limitations and block if someone tries to login to many times.
  3. falko

    falko Super Moderator ISPConfig Developer

    I suggest that you install fail2ban.
  4. Torsson

    Torsson Member

    Thank you falko. I have now installed fail2ban and activated it on SASL with the following regex "\[<HOST>\]: SASL LOGIN authentication failed: authentication failure".

    And checked the regex with:
    fail2ban-regex /var/log/mail.log "\[<HOST>\]: SASL LOGIN authentication failed: authentication failure" It found 3500 matches so hope that does the trick :).
  5. LinuxPete

    LinuxPete Member

    Thanks it was running on my system but I had it incorrectly configured.
  6. LinuxPete

    LinuxPete Member

    thanks Torsson. I think I've now got it correctly configured and your example help in using it.

Share This Page