Horde can receive email but unable to send and there are many failed authentication attempts in mail log

Created:

2016-11-16 12:57:53 UTC

Modified:

2017-08-08 13:33:34 UTC

0

Was this article helpful?


Have more questions?

Submit a request

Horde can receive email but unable to send and there are many failed authentication attempts in mail log

Applicable to:

  • Plesk 12.5 for Linux
  • Plesk 12.0 for Linux

Symptoms

  • Horde can receive email but unable to send.

  • There are a lot of attempts to establish SMTP connection in /var/log/maillog

    Sep 16 21:38:59 test_vm smtp_auth[30971]: FAILED: root - password incorrect from srv1.example.com [203.0.113.2]
    Sep 16 21:39:01 test_vm smtp_auth[30984]: SMTP connect from srv1.example.com [203.0.113.2]
    Sep 16 21:39:01 test_vm smtp_auth[30985]: SMTP connect from srv1.example.com [203.0.113.2]
    Sep 16 21:39:01 test_vm smtp_auth[30984]: FAILED: user - password incorrect from srv1.example.com [203.0.113.2]
    Sep 16 21:39:01 test_vm smtp_auth[30985]: FAILED: root - password incorrect from srv1.example.com [203.0.113.2]

Cause

Server is under bruteforce attack.

Resolution

Install and configure Fail2Ban service:

  1. Install Fail2Ban component using Plesk autoinstaller
  2. Activate mail-related jails under Plesk > Tools&Settings > IP Address Banning (Fail2Ban) > Jails . The following jails are recommended to be activated:

    plesk-courierimap

    plesk-horde

    plesk-qmail

    plesk-roundcube

  3. Switch on IP Address Banning under Plesk > Tools&Settings > IP Address Banning (Fail2Ban) and wait for several minutes until bruteforcing IP addresses are banned.

Have more questions? Submit a request
Please sign in to leave a comment.