- Plesk Onyx for Linux
- Plesk for Windows
The following record appears every second in
plesk_saslauthd: failed mail authenticatication attempt for user 'firstname.lastname@example.org' (password len=7)plesk_saslauthd: failed mail authenticatication attempt for user 'email@example.com' (password len=8)
A brute force attack to the server.
Install a software which protects a server from the Brute Force Attacks:
Install Fail2Ban according to the article How to install fail2ban on Plesk for Linux.
Go to Plesk > Tools & Settings > IP Address Banning (Fail2Ban).
Mark the Enable intrusion detection checkbox and specify the following settings:
IP address ban period – the time interval in seconds for which an IP address is banned. When this period is over, the IP address is automatically unbanned.
Time interval for detection of subsequent attacks - the time interval in seconds during which the system counts the number of unsuccessful login attempts and other unwanted actions from an IP address.
Number of failures before the IP address is banned – the number of failed login attempts from the IP address.
Activate Fail2Ban service by clicking the Apply button.
Go to Jails tab.
Mark plesk-dovecot, plesk-horde, plesk-roundcube, plesk-postfix and recidive jails and press the Switch On button to turn the selected jails on.
To prevent brute force attack, install analog of Fail2ban as Fail2ban only available to Linux systems, for example, ts_block.
In order to verify whether your server is secured from the abuse, check the following article:
Additionally, to limit brute force attempts configure MailEnable to block abuser IP in Connection dropping under MailEnableAdmin > Server > Services and Connector > right-click on SMTP > Properties > Security tab: