[CWP] SASL Failed Login

Hi there, I’ve been using CentOS Web Panel for a couple of years and it’s amazing what and how a simple panel can accomplish. CentOS Web Panel is a excellent panel to manage: domain names & subdomains, databases, users and email accounts. It gives you full control over your own web server, including latest PHP & Apache versions. Well, today I want to share a way to block failed login email attempts through CSF (Config Server Firewall) to avoid several attacks to your email accounts or clients email accounts in an automatic way.

Step #1: Edit CSF Config File

You need to define the log file in order to CSF check and block those IP addresses. I’ll use “nano” to edit the file, you can use your favorite editor.

nano /etc/csf/csf.conf

Add the email as the CUSTOM2_LOG:

CUSTOM2_LOG = "/var/log/maillog"

Step #2: Edit Regex Custom Rules

You need to add a custom regex rule to the CSF Custom Rules File:

nano /usr/local/csf/bin/regex.custom.pm

Add the below rule between “Do not edit before this point” and “Do not edit beyond this point“.

if (($lgfile eq $config{CUSTOM2_LOG}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ postfix\/smtpd\[\d+\]: warning:.*\[(\d+\.\d+\.\d+\.\d+)\]: SASL [A-Z]*? authentication failed/)) {
    return ("Failed SASL login from",$1,"mysaslmatch","3","25","1");

Step #3: Restart the Firewall

Lastly, restart the firewall:

csf -r


Want to know even more about it? Doubts? Leave a comment.

 1,041 total views,  2 views today

This is a honest review, as you can see there's no ads, affiliate links nor warez content on my blog. All reviews of servers, apps, devices and tools are original content generated by myself. There's not any commercial influence on my blog content from any company nor project developers. Support my website to ensure it stays that way

[CWP] SASL Failed Login
0 0 votes
Article Rating
Notify of
Oldest Most Voted
Inline Feedbacks
View all comments
1 month ago

can you please explain what you code do ?

3 years ago

Finally! It actually works!

Scroll to top