You are not logged in. Please login or register.
iRedMail → iRedMail Support → SASL LOGIN authentication failed: UGFzc3dvcmQ6
Hi,
We are getting a lot of annoying "warning: unknown[]: SASL LOGIN authentication failed: UGFzc3dvcmQ6" probably from spammers.
Is there an easy way to block this with fail2ban?
----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.
Fail2ban is configured to ban such client with jail /etc/fail2ban/jail.d/postfix.local.
Fail2ban is configured to ban such client with jail /etc/fail2ban/jail.d/postfix.local.
I'm afraid something is not working as it should. It looks like this:
Status for the jail: postfix
|- Filter
| |- Currently failed: 30
| |- Total failed: 1315
| `- File list: /var/log/maillog
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:
----------------------------------------
postfix.local
[postfix]
backend = polling
journalmatch=
enabled = true
filter = postfix.iredmail
logpath = /var/log/maillog
action = iptables-multiport[name=postfix, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp]
banned_db[name=postfix, port="80,443,25,587,465,110,995,143,993,4190", protocol=tcp]
sendmail-whois[name=postfix, dest=root@example.com, sender=fail2ban@example.com]
iptables was dropped some time ago, iredmail uses nftables instead (which is common for any debian higher than 9.0)
aswell, seems that you have an own implementation since banned_db needs an API token and sendmail-whois is not configured by default
iRedMail → iRedMail Support → SASL LOGIN authentication failed: UGFzc3dvcmQ6
Powered by PunBB, supported by Informer Technologies, Inc.
Currently installed 2 official extensions. Copyright © 2003–2010 PunBB.
Generated in 0.008 seconds (72% PHP - 28% DB) with 10 queries