Many of 'failed mail authenticatication' in /var/log/maillog




  • Avatar
    Larry Nedry

    Fail2Ban won't work for this issue as the log entry does not include the IP address of the attacker.

  • Avatar
    Konstantin Annikov


    Thank you for bringing our attention to the article.

    In fact, the mentioned log entry is followed by another one from postfix like that: 

    Feb 28 12:49:24 example postfix/smtpd[14640]: warning: unknown[]: SASL LOGIN authentication failed: authentication failure

    So, fail2ban will work in this case.
    I have edited the article and added the log entry. 

Please sign in to leave a comment.

Have more questions? Submit a request