- Plesk Onyx for Linux
- Plesk Onyx for Windows
The following record appears every second in
plesk_saslauthd: failed mail authenticatication attempt for user 'firstname.lastname@example.org' (password len=7)plesk_saslauthd: failed mail authenticatication attempt for user 'email@example.com' (password len=8)
postfix/smtpd: warning: unknown[203.0.113.2]: SASL LOGIN authentication failed: authentication failure
The server is under brute force attack.
Install software which protects the server from the Brute Force Attacks:
Install Fail2Ban according to the article How to install fail2ban on Plesk for Linux.
Go to Plesk > Tools & Settings > IP Address Banning (Fail2Ban).
Mark the Enable intrusion detection checkbox and specify the following settings:
IP address ban period – the time interval in seconds for which an IP address is banned. When this period is over, the IP address is automatically unbanned.
Time interval for detection of subsequent attacks - the time interval in seconds during which the system counts the number of unsuccessful login attempts and other unwanted actions from an IP address.
Number of failures before the IP address is banned – the number of failed login attempts from the IP address.
Activate Fail2Ban service by clicking the Apply button.
Go to Jails tab.
Mark plesk-dovecot, plesk-horde, plesk-roundcube, plesk-postfix and recidive jails and press the Switch On button to turn the selected jails on.
To prevent brute force attack, install analog of Fail2ban as Fail2ban only available to Linux systems, for example, ts_block.
In order to verify whether or not the server is vulnerable to this threat, check the following article:
Additionally, to limit brute force attempts, configure MailEnable to block abuser IP:
- Connect to the server via RDP;
- Go to Windows > MailEnableAdmin > Connection dropping > Server > Services and Connector > right-click on SMTP > Properties > Security tab: