Hi All,

I have installed ISPConfig 3 on CentOS 6.3 with dovecot installed and used the below link for installation: http://www.howtoforge.com/perfect-server-centos-6.3-x86_64-nginx-dovecot-ispconfig-3-p5 and everything seems to be fine and working, but I am more worried about finding something like this in the maillog:

Code:
57264:Nov 6 10:02:45 mailserver postfix/smtpd[5198]: warning: unknown[110.52.2.13]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
57270:Nov 6 10:02:53 mailserver postfix/smtpd[5198]: warning: unknown[110.52.2.13]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
57439:Nov 6 10:15:35 mailserver postfix/smtpd[5595]: warning: unknown[115.63.10.43]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
57446:Nov 6 10:16:02 mailserver postfix/smtpd[5595]: warning: unknown[115.63.10.43]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
57456:Nov 6 10:16:20 mailserver postfix/smtpd[5595]: warning: unknown[115.63.10.43]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
57463:Nov 6 10:16:31 mailserver postfix/smtpd[5595]: warning: unknown[115.63.10.43]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
57471:Nov 6 10:16:50 mailserver postfix/smtpd[5595]: warning: unknown[110.52.0.169]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

I configured fail2ban, and it manages to block IPs using postfix, but the SASL ones are not blocked. Please see my jail.conf below.
Code:
[postfix]
enabled = true
filter = postfix
action = iptables[name=SMTP, port=smtp, protocol=tcp]
         sendmail[name=Postfix, [email protected]]
logpath = /var/log/maillog
maxretry = 2
bantime = 3000000000

[postfix-tcpwrapper]
enabled = true
filter = postfix
action = hostsdeny[file=/not/a/standard/path/hosts.deny]
         sendmail[name=Postfix, [email protected]]
logpath = /var/log/postfix.log
bantime = 3000

[sasl]
enabled = true
port = smtp
filter = sasl
action = iptables[name=SMTP, port=smtp,smtpd, protocol=tcp]
         sendmail[name=sasl, [email protected]]
logpath = /var/log/mail.log
maxretry = 1

I tried all these regular expressions in sasl.conf so that I can block the IP that attempts this login:

Code:
#failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed: authentication failure [A-Za-z0-9+/]*={0,2})?
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed [A-Za-z0-9+/]*={0,2})?

But still no luck. Can someone please assist?
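An added example, not part of the original post: an offline check of the active failregex from the post against the quoted maillog lines, next to a candidate pattern. The `<HOST>` stand-in (IPv4 only), the `CANDIDATE` pattern and all function names are assumptions made for this illustration, not fail2ban's own code.

```python
import base64
import re
from collections import Counter

# Simplified IPv4-only stand-in for fail2ban's <HOST> substitution (assumption).
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PREFIX = r"(?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) "
# Active failregex from the post, character for character.
POSTED = PREFIX + r"authentication failed [A-Za-z0-9+/]*={0,2})?"
# Candidate (assumption): colon after "failed", optional group properly opened.
CANDIDATE = PREFIX + r"authentication failed(?:: [A-Za-z0-9+/]*={0,2})?\s*$"

# Log lines copied from the post, including the grep-style line-number prefix.
SAMPLE_LOG = """\
57264:Nov 6 10:02:45 mailserver postfix/smtpd[5198]: warning: unknown[110.52.2.13]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
57270:Nov 6 10:02:53 mailserver postfix/smtpd[5198]: warning: unknown[110.52.2.13]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
57439:Nov 6 10:15:35 mailserver postfix/smtpd[5595]: warning: unknown[115.63.10.43]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
57446:Nov 6 10:16:02 mailserver postfix/smtpd[5595]: warning: unknown[115.63.10.43]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
57456:Nov 6 10:16:20 mailserver postfix/smtpd[5595]: warning: unknown[115.63.10.43]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
57463:Nov 6 10:16:31 mailserver postfix/smtpd[5595]: warning: unknown[115.63.10.43]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
57471:Nov 6 10:16:50 mailserver postfix/smtpd[5595]: warning: unknown[110.52.0.169]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
""".splitlines()

def compile_failregex(pattern):
    """Return (compiled_regex, None) or (None, error_message)."""
    try:
        return re.compile(pattern.replace("<HOST>", HOST_GROUP)), None
    except re.error as exc:
        return None, str(exc)

def failures_per_host(pattern, lines):
    """Count matching lines per source IP; empty if the pattern is invalid."""
    regex, _ = compile_failregex(pattern)
    if regex is None:
        return Counter()
    return Counter(m.group("host") for m in map(regex.search, lines) if m)

def decode_trailer(line):
    """Decode the base64 token postfix logs after 'authentication failed:'."""
    return base64.b64decode(line.rsplit(": ", 1)[1]).decode()

if __name__ == "__main__":
    print("posted   :", compile_failregex(POSTED)[1])
    print("candidate:", dict(failures_per_host(CANDIDATE, SAMPLE_LOG)))
    print("trailer  :", decode_trailer(SAMPLE_LOG[0]))
```

On the server itself, `fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/sasl.conf` runs the same kind of check with the real `<HOST>` expansion; the [sasl] jail as posted reads /var/log/mail.log, while the quoted lines come from the maillog. The decoded trailer is the base64 "Password:" prompt of the LOGIN mechanism, not data supplied by the client.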
If you use Dovecot, there should be no saslauthd running because authentication is handled by Dovecot. Or do you use Courier instead?
I have the same problem.

In /etc/postfix/main.cf I have:

Code:
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes

Should I turn them off? Thanks
Hi, just wondering if there was any solution to this. I'm having the same issue. I used these tuts to create and secure my server:

https://www.howtoforge.com/perfect-...2-php-mysql-pureftpd-bind-dovecot-ispconfig-3
https://www.howtoforge.com/securing...h-a-free-class1-ssl-certificate-from-startssl

I'm getting the same warnings in syslog/maillog. Thanks