• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

Question plesk_saslauthd - Attack, no IP seen

G

Gjimi

New Pleskian
Server operating system version
Debian 10
Plesk version and microupdate number
18.0.59
plesk_saslauthd is under attack, there are thousands of the:

plesk_saslauthd[17936]: No such user '[email protected]' in mail authorization database
plesk_saslauthd[17936]: failed mail authentication attempt for user '[email protected]' (password len=13)

in the logs.
(just something)

no IP to see no further information.
 
The plesk_saslauthd log entires are accompanied by postfix/smtpd log entires. These do contain the IP address from which the login attempt is made.

Looks something like this
Scherm­afbeelding 2024-04-11 om 10.47.10.png
 
just none! otherwise the IP would have been blocked or Fail2Ban does it, but he can't because no IP can be seen, I wrote.

Apr 11 15:43:39 96 plesk_saslauthd[14952]: No such user '[email protected]' in mail authorization database
Apr 11 15:43:39 96 plesk_saslauthd[14952]: failed mail authentication attempt for user '[email protected]' (password len=6)
Apr 11 15:43:42 96 plesk_saslauthd[14952]: No such user '[email protected]' in mail authorization database
Apr 11 15:43:42 96 plesk_saslauthd[14952]: failed mail authentication attempt for user '[email protected]' (password len=6)
Apr 11 15:43:42 96 plesk_saslauthd[14952]: No such user '[email protected]' in mail authorization database
Apr 11 15:43:42 96 plesk_saslauthd[14952]: failed mail authentication attempt for user '[email protected]' (password len=6)
Apr 11 15:43:43 96 plesk_saslauthd[14952]: No such user '[email protected]' in mail authorization database
Apr 11 15:43:43 96 plesk_saslauthd[14952]: failed mail authentication attempt for user '[email protected]' (password len=13)
Apr 11 15:43:45 96 plesk_saslauthd[14952]: No such user '[email protected]' in mail authorization database
Apr 11 15:43:45 96 plesk_saslauthd[14952]: failed mail authentication attempt for user '[email protected]' (password len=13)
Apr 11 15:43:45 96 plesk_saslauthd[14952]: No such user '[email protected]' in mail authorization database
Apr 11 15:43:45 96 plesk_saslauthd[14952]: failed mail authentication attempt for user '[email protected]' (password len=9)
Apr 11 15:43:45 96 plesk_saslauthd[14952]: No such user '[email protected]' in mail authorization database
Apr 11 15:43:45 96 plesk_saslauthd[14952]: failed mail authentication attempt for user '[email protected]' (password len=9)
Apr 11 15:43:45 96 plesk_saslauthd[14952]: No such user '[email protected]' in mail authorization database
Apr 11 15:43:45 96 plesk_saslauthd[14952]: failed mail authentication attempt for user '[email protected]' (password len=9)
Apr 11 15:43:50 96 plesk_saslauthd[14952]: No such user '[email protected]' in mail authorization database
Apr 11 15:43:50 96 plesk_saslauthd[14952]: failed mail authentication attempt for user '[email protected]' (password len=13)
Apr 11 15:43:51 96 plesk_saslauthd[14952]: No such user '[email protected]' in mail authorization database
Apr 11 15:43:51 96 plesk_saslauthd[14952]: failed mail authentication attempt for user '[email protected]' (password len=13)

and just keep it up, nothing different
 
Interesting. I don't know why that is. Best suggestion I can offer is to contact Plesk support to let them investigate the issue.
 
You must log in or register to reply here.

Similar threads

A
Question Warnings in mail log [SASL LOGIN authentication failed]
Replies
1
Views
526
Peter Debik
P
O
Resolved Brute Force Attack
Replies
9
Views
2K
Maarten.
M
S
Question Firewall blocking plesk_saslauthd failed mail authentication attempt for user 'info' (password len=9)
Replies
3
Views
2K
mow
M
B
Resolved no SASL authentication mechanisms
2
Replies
21
Views
5K
bork
B
A
Question Spam attack in postfix log file
Replies
13
Views
3K
mow
M
Back
Top