Solution to what?
You have a mail server installed. Someone, presumably a spammer based on the abuse report referenced above, tried to send mail. Look at the mail log (or the journal for the postfix unit) to find out what happened with the mail they tried to send. But, so far, I don’t see evidence of a problem, so I have no idea what you’re trying to solve.
I have many records with this ip. Can I do something to protect the vps?
y 12 18:24:21 vps-server postfix/smtpd[18879]: warning: modemcable098.146-70-69.static.videotron.ca[69.70.146.98]: SASL LOGIN authentication failed: authentication failure
May 12 18:24:24 vps-server postfix/smtpd[18879]: warning: modemcable098.146-70-69.static.videotron.ca[69.70.146.98]: SASL LOGIN authentication failed: authentication failure
May 12 18:24:26 vps-server postfix/smtpd[18879]: warning: modemcable098.146-70-69.static.videotron.ca[69.70.146.98]: SASL LOGIN authentication failed: authentication failure
May 12 18:24:28 vps-server postfix/smtpd[18879]: warning: modemcable098.146-70-69.static.videotron.ca[69.70.146.98]: SASL LOGIN authentication failed: authentication failure
May 12 18:24:31 vps-server postfix/smtpd[18879]: warning: modemcable098.146-70-69.static.videotron.ca[69.70.146.98]: SASL LOGIN authentication failed: authentication failure
May 12 18:24:33 vps-server postfix/smtpd[18879]: warning: modemcable098.146-70-69.static.videotron.ca[69.70.146.98]: SASL LOGIN authentication failed: authentication failure
I told you my friend
You have ConfigServer Security and Firewall
Block the ip or range or the ASN. See my previous message
Probably just a false positive, I ran into this when I was running csf. This issue has nothing to do with the IP but the executable.
check this to whitelist it.
its similar to this question on there forum
https://forum.configserver.com/viewtopic.php?t=7047
As I said, if you’re going to add/change big stuff on your Virtualmin system, you should read the documentation for that stuff and understand it. Virtualmin includes fail2ban which can block IPs that repeatedly have failed authentication (and, I think it’s enabled for SASL by default, but if not it’s one quick config change to make it so), but you’ve installed a different tool with that functionality, and I guess you have not configured it to respond to failed SASL authentication requests. I don’t know if fail2ban and CSF/LFD can co-exist peacefully, but I’m going to guess CSF and firewalld cannot, so I think you’re going to have to configure everything yourself.
Again, I really recommend you understand what you’re doing before you go off-roading.
the csf install script turns fail2ban off during install from memory. (and pretty sure firewallD and uses iptables.)
So, there you go. OP, removed all the stuff that would have solved this easily (though a few failed auth attempts isn’t exactly a disaster), so now they need to read some documentation.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.