Postfix scenrios - SASL LOGIN authentication failed

I am wondering if CrowdSec is currently covering the “SASL LOGIN authentication failed” scenario. I have read this thread (one year old) New install, postfix / IMAP and it appears that Fail2Ban does but Crowdsec not yet?

In any case, I have the postfix scenarios installed but my log is full of authentication attempts, with individual IPs trying 20 times and more.

postfix/submission/smtpd[1994969]: warning: unknown[]: SASL LOGIN authentication failed:

As a workaround a created a script which filters out those IPs followed by

cscli decisions add --ip $ip

Should Crowdsec catch these already? If not, any plans?

Closed with Discord

1 Like

@toz: I have the same issue, followed the discourse discussion, but I do not get the solution. Is there any?

Tried to look for the solution on Discord, following the link says: “You are on a strange place…” Well something lilke, the post ist not found.

Can someone help or paste the solution here? Thanks!

What I ended up doing is increasing some of the default values of the scenario.
I can’t look it up for you right now I am afraid, as I am currently not able to log on to this horrible, blinking Discord mess.

Apparently I am logging in from a new location (which I don’t), and by the time the confirmation email arrives the token expired…


Thanks, I appreciate your help! Maybe it is a good idea to tranfer the solution in this place here, where it has the chance to be permanent accessible.
I found only this and another post regarding “postfix-sasl” and this post here provides a solution that unfortunately “disapeared” :wink: