Web Development Blog

CSF setting to catch SASL LOGIN authentication failed on CentOS
11:02, 15 Apr, 2015
by James

Open the CSF configuration file:

nano /etc/csf/csf.conf

Find CUSTOM1_LOG and set it to the mail log:

CUSTOM1_LOG = "/var/log/maillog"

Add the regex that catches failed SASL login attempts:

nano /usr/local/csf/bin/regex.custom.pm

Add the following regex between the "Do not edit before this point" and "Do not edit beyond this point" markers:

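# Match Postfix SASL authentication failures in the log set as CUSTOM1_LOG and capture the client IPv4 address.
if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ postfix\/smtpd\[\d+\]: warning:.*\[(\d+\.\d+\.\d+\.\d+)\]: SASL [A-Z]*? authentication failed/)) {
    # Returns: message, IP, rule ID, trigger count (3), port to block (25), block time in seconds (3600).
    return ("Failed SASL login from",$1,"mysaslmatch","3","25","3600");
}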

Restart CSF:

csf -r
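
An added example, not part of the original post: a standalone Perl script that runs the rule's regex over sample maillog lines, so you can see what it matches and what it misses before restarting CSF. The sample lines, the addresses and the simple per-IP counter (lfd itself counts failures within a time window) are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Pattern copied from the rule above; $trigger mirrors its fourth return value.
my $sasl_re = qr/^\S+\s+\d+\s+\S+ \S+ postfix\/smtpd\[\d+\]: warning:.*\[(\d+\.\d+\.\d+\.\d+)\]: SASL [A-Z]*? authentication failed/;
my $trigger = 3;

# Constructed sample maillog lines (documentation addresses, not real traffic).
my @lines = (
    'Apr 15 11:00:01 mail postfix/smtpd[2101]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6',
    'Apr 15 11:00:04 mail postfix/smtpd[2101]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6',
    'Apr 15 11:00:09 mail postfix/smtpd[2104]: warning: unknown[192.0.2.10]: SASL PLAIN authentication failed:',
    'Apr  5 09:12:44 mail postfix/smtpd[1877]: warning: host.example.net[198.51.100.7]: SASL PLAIN authentication failed:',
    'Apr 15 11:02:30 mail postfix/smtpd[2110]: warning: unknown[203.0.113.5]: SASL CRAM-MD5 authentication failed: authentication failure',
    'Apr 15 11:03:12 mail postfix/smtpd[2112]: warning: unknown[2001:db8::25]: SASL LOGIN authentication failed: UGFzc3dvcmQ6',
    'Apr 15 11:04:00 mail postfix/smtpd[2115]: connect from host.example.net[198.51.100.7]',
);

my (%hits, @missed);
for my $line (@lines) {
    if ($line =~ $sasl_re) {
        # The rule would report this address to lfd.
        $hits{$1}++;
    }
    elsif ($line =~ /SASL \S+ authentication failed/) {
        # A SASL failure the rule does not catch (mechanism name with
        # digits or a hyphen, or an IPv6 client address).
        push @missed, $line;
    }
}

# Simplification: counts every failure in the sample, with no time window.
for my $ip (sort keys %hits) {
    my $state = $hits{$ip} >= $trigger ? "would trigger a block" : "below trigger";
    printf "%-15s %d failure(s), %s\n", $ip, $hits{$ip}, $state;
}

print "SASL failures not matched by the rule:\n";
print "  $_\n" for @missed;
```

To test against your own log, replace the @lines array with lines copied from /var/log/maillog.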

#1
qaebmpbd
05:03, 25 Nov, 2015
1
#2
Dan
21:01, 29 Sep, 2016
This is not working on CentOS 6.8

I've added the code in regex.custom and changed to CUSTOM2_LOG because CUSTOM1_LOG was already set to some panel log in csf.conf.

Here's a sample from maillog:
Sep 29 14:56:46 vpsxxx postfix/smtpd[20536]: warning: static-***.net[100.*.*.*]: SASL LOGIN authentication failed: UGFzc3dvcmQ6