SASL LOGIN authentication failed

Discussion in 'Installation/Configuration' started by thabangk, Nov 6, 2012.

  1. thabangk

    thabangk New Member

    Hi All

    I have installed ISCConfig 3 on Centos 6.3
    with dovecot installed and used the below link for installation :
    http://www.howtoforge.com/perfect-server-centos-6.3-x86_64-nginx-dovecot-ispconfig-3-p5
    and everything seems to be fine and working but I am more worried about finding something like this in the maillog:

    57264:Nov 6 10:02:45 mailserver postfix/smtpd[5198]: warning: unknown[110.52.2.13]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    57270:Nov 6 10:02:53 mailserver postfix/smtpd[5198]: warning: unknown[110.52.2.13]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    57439:Nov 6 10:15:35 mailserver postfix/smtpd[5595]: warning: unknown[115.63.10.43]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    57446:Nov 6 10:16:02 mailserver postfix/smtpd[5595]: warning: unknown[115.63.10.43]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    57456:Nov 6 10:16:20 mailserver postfix/smtpd[5595]: warning: unknown[115.63.10.43]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    57463:Nov 6 10:16:31 mailserver postfix/smtpd[5595]: warning: unknown[115.63.10.43]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    57471:Nov 6 10:16:50 mailserver postfix/smtpd[5595]: warning: unknown[110.52.0.169]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

    and i configured fail2ban, it manages to block IP's using postfix but the SASL are not blocked, please see my jail.conf below.
    [postfix]

    enabled = true
    filter = postfix
    action = iptables[name=SMTP, port=smtp, protocol=tcp]
    sendmail[name=Postfix, dest=name@domain.com]
    logpath = /var/log/maillog
    maxretry = 2
    bantime = 3000000000

    [postfix-tcpwrapper]

    enabled = true
    filter = postfix
    action = hostsdeny[file=/not/a/standard/path/hosts.deny]
    sendmail[name=Postfix, dest=name@domain.com]
    logpath = /var/log/postfix.log
    bantime = 3000

    [sasl]

    enabled = true
    port = smtp
    filter = sasl
    action = iptables[name=SMTP, port=smtp,smtpd, protocol=tcp]
    sendmail[name=sasl, dest=name@domain.com]
    logpath = /var/log/mail.log
    maxretry = 1

    I tried all this regular expressions in sasl.conf so that i can block the IP that attempts this login

    #failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed: authentication failure :) [A-Za-z0-9+/]*={0,2})?
    failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed:) [A-Za-z0-9+/]*={0,2})?

    but still no luck. can someone please assist.
     
  2. falko

    falko Super Moderator

    If you use Dovecot, there should be no saslauthd running because authentication is handled by Dovecot. Or do you use Courier instead?
     
  3. misuv

    misuv New Member

    I have the same problem

    I have the same problem.

    in /etc/postfix/main.cf I have:

    Code:
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    
    Should I turn them off? :confused:

    Thanks
     
  4. CreeWarrior

    CreeWarrior New Member

Share This Page