Postfix scenrios - SASL LOGIN authentication failed

crowdsec
1

I am wondering if CrowdSec is currently covering the “SASL LOGIN authentication failed” scenario. I have read this thread (one year old) New install, postfix / IMAP and it appears that Fail2Ban does but Crowdsec not yet?

In any case, I have the postfix scenarios installed but my log is full of authentication attempts, with individual IPs trying 20 times and more.

postfix/submission/smtpd[1994969]: warning: unknown[141.98.10.106]: SASL LOGIN authentication failed:

As a workaround a created a script which filters out those IPs followed by

cscli decisions add --ip $ip

Should Crowdsec catch these already? If not, any plans?

2

Closed with Discord

1 Like
3

@toz: I have the same issue, followed the discourse discussion, but I do not get the solution. Is there any?

4

Tried to look for the solution on Discord, following the link says: “You are on a strange place…” Well something lilke, the post ist not found.

Can someone help or paste the solution here? Thanks!

5

What I ended up doing is increasing some of the default values of the scenario.
I can’t look it up for you right now I am afraid, as I am currently not able to log on to this horrible, blinking Discord mess.

Apparently I am logging in from a new location (which I don’t), and by the time the confirmation email arrives the token expired…

1 Like
6

@toz

Thanks, I appreciate your help! Maybe it is a good idea to tranfer the solution in this place here, where it has the chance to be permanent accessible.
I found only this and another post regarding “postfix-sasl” and this post here provides a solution that unfortunately “disapeared” :wink:

7

Hello friends,
I also have the problem that servers from all over the world frequently attempt to log on to my mail server. I wanted to enquire how you have solved this problem? I can’t find a working workaround for CrowdSec.

Thanks for your help.

8

Discord is loathsome.