At 02:57 PM 9/2/2019, you wrote:
Hi,
>Sep 1 21:44:46 hst postfix/smtpd[28571]: connect from
unknown[101.89.216.243] Sep 1 21:44:51 hst postfix/smtpd[28571]:
warning: unknown[101.89.216.243]: SASL LOGIN authentication
failed: UGFje8vcmQ6
>
>What port is this being conducted on?
>
>Is this smtp port 25?
SASL is usually used on the submission port, 587.
Do you have SASL enabled on port 25? If so, it's a good idea to only
leave it enabled on port 587.
I am not sure if I do. I don't see anything in my
/etc/dovecot/dovecot.conf file relating to sasl ports (or in any of
the dovecot/conf.d/* files).
I've revised my iptables port blocking to see if blocking 587 stops
the login attempts.
Anybody know what settings in Dovecot/CentOS might relate to this?
So I assume port 587 is an alternative smtp port, usually reserved
for localized traffic? Blocking it won't affect normal mail flow?
- Mike
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
