Postfix scenarios - SASL LOGIN authentication failed

I am wondering if CrowdSec is currently covering the “SASL LOGIN authentication failed” scenario. I have read this thread (one year old) New install, postfix / IMAP and it appears that Fail2Ban does, but CrowdSec not yet?

In any case, I have the postfix scenarios installed but my log is full of authentication attempts, with individual IPs trying 20 times and more.

postfix/submission/smtpd[1994969]: warning: unknown[]: SASL LOGIN authentication failed:

As a workaround, I created a script which filters out those IPs followed by

cscli decisions add --ip $ip

Should CrowdSec catch these already? If not, any plans?

Closed with Discord
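A sketch of the kind of workaround script described in the post, as an added example that is not the poster's script or CrowdSec's own tooling. The function names, the threshold argument, the `APPLY` switch and the sample log lines are assumptions made for illustration; it assumes the client address appears inside the brackets of the Postfix warning line.

```shell
#!/bin/sh
# sasl_offenders THRESHOLD: read syslog lines on stdin and print every
# client address with at least THRESHOLD SASL LOGIN failures.
sasl_offenders() {
    awk -v min="$1" '
        /postfix\/.*smtpd\[[0-9]+\]: warning: .*\[[^]]+\]: SASL LOGIN authentication failed/ {
            # Client is logged as hostname[address]; keep the address only.
            addr = $0
            sub(/\]: SASL LOGIN authentication failed.*/, "", addr)
            sub(/.*\[/, "", addr)
            # Accept only characters valid in an IP literal, so nothing
            # else taken from the log can end up on a command line.
            if (addr ~ /^[0-9A-Fa-f:.]+$/) count[addr]++
        }
        END { for (a in count) if (count[a] >= min) print a }
    ' | sort
}

# ban_offenders: read addresses on stdin. Dry run by default (prints the
# command); set APPLY=1 to actually call cscli.
ban_offenders() {
    while IFS= read -r ip; do
        if [ "${APPLY:-0}" = 1 ]; then
            cscli decisions add --ip "$ip"
        else
            echo "cscli decisions add --ip $ip"
        fi
    done
}

# Constructed sample input (documentation address ranges, not real logs).
sample_log() {
cat <<'EOF'
Jan 12 03:14:01 mail postfix/submission/smtpd[1994969]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 12 03:14:05 mail postfix/submission/smtpd[1994969]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 12 03:14:09 mail postfix/smtpd[1994980]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 12 03:15:00 mail postfix/submission/smtpd[1994990]: warning: unknown[2001:db8::5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 12 03:15:02 mail postfix/submission/smtpd[1994990]: warning: unknown[2001:db8::5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 12 03:16:00 mail postfix/submission/smtpd[1995001]: warning: unknown[198.51.100.20]: SASL PLAIN authentication failed:
Jan 12 03:17:00 mail postfix/submission/smtpd[1995002]: connect from unknown[198.51.100.20]
EOF
}

# Demo: ./script.sh --demo prints the commands for the sample log.
if [ "${1:-}" = "--demo" ]; then sample_log | sasl_offenders 3 | ban_offenders; fi
```

On a live system the input would be the mail log piped into `sasl_offenders`, for example with a threshold of 20 to match the attempt counts mentioned above.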