1

Topic: Keep getting a strange SASL PLAIN authentication failed:

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): iRedMail-1.6.0
- Deployed with iRedMail Easy or the downloadable installer? 1.6.0.tar.gz
- Linux/BSD distribution name and version: Alma8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I keep getting a strange SASL connection failure:
warning: f2.back.inback1.com[135.148.47.206]: SASL PLAIN authentication failed:

Is it an attack?

Is the postfix-pregreet jail supposed to stop this?

I tried adding this to /etc/fail2ban/jail.local:

[sasl]
enabled     = true
maxretry    = 3
action      = iptables-multiport[name=sasl, port="smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s", protocol=tcp]
               sendmail-whois[name=sasl, dest=root, sender=fail2ban@foo.bar]
filter   = postfix-sasl
logpath  = /var/log/mail.warn

But the sasl jail was not created.

Please Help!
Thank you


2

Re: Keep getting a strange SASL PLAIN authentication failed:

yaroslavkhmel wrote:

Is it an attack?

- It means someone sent an incorrect username and/or password for SMTP auth.
- Is it an attack? Yes and no. It could be your own end users who entered the wrong username/password, or some spammer/attacker trying to hack the account via the SMTP service.

yaroslavkhmel wrote:

Is the postfix-pregreet jail supposed to stop this?

Not the "postfix-pregreet" jail, but the "postfix" jail (/etc/fail2ban/jail.d/postfix.local).
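
Added example, not part of the original posts and not iRedMail or fail2ban code: a small Python check that separates an occasional mistyped password from repeated guessing by counting the "SASL ... authentication failed" warnings per client IP inside a time window, which approximates what a fail2ban jail does with maxretry and findtime. The log lines are constructed samples; the syslog prefix layout, the 10-minute findtime and the year are assumptions, and maxretry = 3 is taken from the jail snippet in the question.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Postfix warning in the form quoted in the thread:
#   warning: host[ip]: SASL PLAIN authentication failed:
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/\S+\[\d+\]:\s"
    r"warning:\s\S+\[(?P<ip>[^\]]+)\]:\s"
    r"SASL\s[A-Z0-9-]+\sauthentication failed"
)

# Constructed sample lines (documentation-range IPs, hypothetical hostnames).
SAMPLE_LOG = """\
Jan 12 03:14:01 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed:
Jan 12 03:14:09 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed:
Jan 12 03:14:20 mail postfix/smtpd[2105]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed:
Jan 12 09:02:11 mail postfix/submission/smtpd[3300]: warning: client.example.net[198.51.100.20]: SASL PLAIN authentication failed:
Jan 12 09:05:00 mail postfix/smtpd[3301]: connect from client.example.net[198.51.100.20]
Jan 12 14:47:30 mail postfix/submission/smtpd[4410]: warning: client.example.net[198.51.100.20]: SASL PLAIN authentication failed:
""".splitlines()


def parse_failures(lines, year=2024):
    """Map client IP -> timestamps of its SASL authentication failures."""
    hits = defaultdict(list)
    for line in lines:
        m = FAIL_RE.search(line)
        if m:
            # Syslog timestamps carry no year, so one is supplied (assumption).
            stamp = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            hits[m["ip"]].append(stamp)
    return hits


def would_ban(hits, maxretry=3, findtime=timedelta(minutes=10)):
    """IPs with at least maxretry failures inside any findtime window."""
    banned = []
    for ip, stamps in hits.items():
        stamps = sorted(stamps)
        for i in range(len(stamps) - maxretry + 1):
            if stamps[i + maxretry - 1] - stamps[i] <= findtime:
                banned.append(ip)
                break
    return sorted(banned)


if __name__ == "__main__":
    print(would_ban(parse_failures(SAMPLE_LOG)))
```

In the sample, the client with three failures in under a minute crosses the threshold, while the one with two failures hours apart looks like a user retyping a password and does not.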