[CWP] SASL Failed Login

Hi there, I’ve been using CentOS Web Panel for a couple of years, and it’s amazing how much a simple panel can accomplish. CentOS Web Panel is an excellent panel for managing domain names and subdomains, databases, users and email accounts. It gives you full control over your own web server, including the latest PHP and Apache versions. Today I want to share a way to automatically block IP addresses that repeatedly fail email logins, using CSF (ConfigServer Firewall), to protect your email accounts and your clients’ email accounts against such attacks.

Step #1: Edit CSF Config File

You need to define the log file so that CSF can check it and block the offending IP addresses. I’ll use “nano” to edit the file; you can use your favorite editor.

nano /etc/csf/csf.conf

Set the mail log as CUSTOM2_LOG:

CUSTOM2_LOG = "/var/log/maillog"

Step #2: Edit Regex Custom Rules

You need to add a custom regex rule to the CSF Custom Rules File:

nano /usr/local/csf/bin/regex.custom.pm

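Add the rule below between “Do not edit before this point” and “Do not edit beyond this point”.

# Match Postfix "SASL <METHOD> authentication failed" warnings in CUSTOM2_LOG
# and capture the client IPv4 address in $1.
# Return: message, offending IP, unique rule ID, trigger level, port(s) to block, 1 = permanent block.
if (($lgfile eq $config{CUSTOM2_LOG}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ postfix\/smtpd\[\d+\]: warning:.*\[(\d+\.\d+\.\d+\.\d+)\]: SASL [A-Z]*? authentication failed/)) {
    return ("Failed SASL login from",$1,"mysaslmatch","3","25","1");
}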

Step #3: Restart the Firewall

Lastly, restart the firewall:

csf -r
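
An added example (not part of the original post): a small Perl script that runs the rule's regex over constructed maillog lines, so you can see which lines it captures before relying on it in CSF. The host name, PIDs and documentation-range IP addresses are made up, and the "3" from the rule is treated as the trigger count.

```perl
#!/usr/bin/perl
# Added example: offline check of the SASL rule's regex. All log lines are constructed.
use strict;
use warnings;

# Same pattern as the rule added to regex.custom.pm.
my $sasl_re = qr/^\S+\s+\d+\s+\S+ \S+ postfix\/smtpd\[\d+\]: warning:.*\[(\d+\.\d+\.\d+\.\d+)\]: SASL [A-Z]*? authentication failed/;
my $trigger = 3;    # assumption: the "3" in the rule's return list is the trigger count

# Constructed sample lines: repeated failures, a single failure, a hyphenated
# mechanism name, an IPv6 client and an unrelated connect line.
my @lines = (
    'Mar  4 10:15:01 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6',
    'Mar  4 10:15:09 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed:',
    'Mar  4 10:15:20 mail postfix/smtpd[2107]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6',
    'Mar  4 10:16:02 mail postfix/smtpd[2110]: warning: host.example.net[198.51.100.23]: SASL LOGIN authentication failed: UGFzc3dvcmQ6',
    'Mar  4 10:16:40 mail postfix/smtpd[2112]: warning: unknown[192.0.2.50]: SASL CRAM-MD5 authentication failed: authentication failure',
    'Mar  4 10:17:05 mail postfix/smtpd[2115]: warning: unknown[2001:db8::15]: SASL LOGIN authentication failed: UGFzc3dvcmQ6',
    'Mar  4 10:17:30 mail postfix/smtpd[2118]: connect from unknown[192.0.2.77]',
);

# Return the captured IPv4 address, or undef when the rule would ignore the line.
sub match_ip {
    my ($line) = @_;
    return $line =~ $sasl_re ? $1 : undef;
}

my (%hits, @unmatched);
for my $line (@lines) {
    my $ip = match_ip($line);
    if (defined $ip) { $hits{$ip}++ }
    else             { push @unmatched, $line }
}

# Per-IP failure counts, flagging addresses that reach the trigger count.
for my $ip (sort keys %hits) {
    printf "%-15s %d failure(s)%s\n", $ip, $hits{$ip},
        $hits{$ip} >= $trigger ? "  -> reaches trigger $trigger" : "";
}

# Lines the rule never sees as failures; review these for coverage gaps.
print "not matched: $_\n" for @unmatched;
```

The CRAM-MD5 and IPv6 sample lines are reported as not matched, because the pattern only accepts mechanism names made of uppercase letters and dotted IPv4 addresses.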

Results

Want to know even more about it? Doubts? Leave a comment.



This is an honest review; as you can see, there are no ads, affiliate links or warez content on my blog. All reviews of servers, apps, devices and tools are original content generated by myself. There is no commercial influence on my blog content from any company or project developers.

1 Comment
Jimmy
1 year ago

Finally! It actually works!
