[CentOS] Problem with mail server: stop flooding with fail2ban ?

Wed Mar 31 08:20:55 UTC 2021
Jamie Burchell <mail at jamieburchell.com>

Sorry, re-read your question and realise my suggestion would only help you get SASL authentication working.

> On 31 Mar 2021, at 09:19, Jamie Burchell <mail at jamieburchell.com> wrote:
> 
> I'm pretty sure I encountered this and needed to yum install cyrus-sasl-plain to resolve it.
> 
>> On 29 Mar 2021, at 20:31, Nicolas Kovacs <info at microlinux.fr> wrote:
>> 
>> Hi,
>> 
>> My main mail server is running CentOS 7 with Postfix and Dovecot.
>> 
>> Last week I was surprised to see that Postfix had some troubles on this
>> machine, according to Icinga. I took a peek at the logs:
>> 
>> # journalctl -p err
>> Mar 28 04:37:02 sd-151768 postfix/smtpd[2786]: fatal: no SASL authentication mechanisms
>> Mar 28 04:37:02 sd-151768 postfix/smtpd[2788]: fatal: no SASL authentication mechanisms
>> Mar 28 04:37:02 sd-151768 postfix/smtpd[2790]: fatal: no SASL authentication mechanisms
>> Mar 28 04:37:02 sd-151768 postfix/smtpd[2792]: fatal: no SASL authentication mechanisms
>> Mar 28 04:37:02 sd-151768 postfix/smtpd[2794]: fatal: no SASL authentication mechanisms
>> ...
>> 
>> And in /var/log/maillog I found a tsunami of these:
>> 
>> Mar 28 03:18:33 sd-151768 postfix/smtpd[29589]: warning: unknown[45.227.253.115]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
>> Mar 28 03:18:33 sd-151768 postfix/smtpd[29589]: lost connection after AUTH from unknown[45.227.253.115]
>> Mar 28 03:18:33 sd-151768 postfix/smtpd[29589]: disconnect from unknown[45.227.253.115]
>> 
>> My first reaction was to manually ban the IP addresses / networks which caused
>> the flood, using my firewall:
>> 
>> # firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='45.227.253.0/24' reject"
>> # firewall-cmd --reload
>> 
>> I'm already using fail2ban in conjunction with firewalld to prevent brute force
>> SSH attacks.
>> 
>> Q: can I use it in a similar configuration to stop Postfix from getting flooded
>> and brought down to its knees?
>> 
>> Thanks & cheers from the sunny South of France,
>> 
>> Niki
>> 
>> -- 
>> Microlinux - Solutions informatiques durables
>> 7, place de l'église - 30730 Montpezat
>> Site : https://www.microlinux.fr
>> Blog : https://blog.microlinux.fr
>> Mail : info at microlinux.fr
>> Tél. : 04 66 63 10 32
>> Mob. : 06 51 80 12 12
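
Added example, not part of the original thread and not fail2ban's own code: a sketch of the per-address failure counting that a log-based ban tool applies to the maillog lines quoted above. The sample log is constructed from the format in the post; the function names, the `year` default, the 192.0.2.10 address, and the `maxretry`/`findtime` values (names borrowed from fail2ban's options) are assumptions.

```python
import base64
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the quoted maillog format; 192.0.2.10 is a documentation address.
SAMPLE_LOG = """\
Mar 28 03:18:33 sd-151768 postfix/smtpd[29589]: warning: unknown[45.227.253.115]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 28 03:18:33 sd-151768 postfix/smtpd[29589]: lost connection after AUTH from unknown[45.227.253.115]
Mar 28 03:18:41 sd-151768 postfix/smtpd[29590]: warning: unknown[45.227.253.115]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 28 03:18:52 sd-151768 postfix/smtpd[29591]: warning: unknown[45.227.253.115]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 28 03:20:05 sd-151768 postfix/smtpd[29602]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar 28 03:45:10 sd-151768 postfix/smtpd[29710]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
"""

FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: warning: "
    r"\S+\[(?P<ip>[0-9a-fA-F.:]+)\]: SASL \w+ authentication failed(?:: (?P<chal>\S+))?"
)

def parse_failures(text, year=2021):
    """Return [(timestamp, ip, decoded_challenge)] for each SASL failure line."""
    out = []
    for line in text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue  # e.g. "lost connection" / "disconnect" lines
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        try:  # trailing token is base64; for LOGIN it decodes to the password prompt
            chal = base64.b64decode(m["chal"] or "", validate=True).decode("ascii", "replace")
        except ValueError:
            chal = ""
        out.append((ts, m["ip"], chal))
    return out

def offenders(text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return sorted IPs with at least maxretry failures inside one findtime window."""
    by_ip = defaultdict(list)
    for ts, ip, _ in parse_failures(text):
        by_ip[ip].append(ts)
    hits = []
    for ip, stamps in by_ip.items():
        stamps.sort()
        if any(b - a <= findtime for a, b in zip(stamps, stamps[maxretry - 1:])):
            hits.append(ip)
    return sorted(hits)

if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```

With the assumed threshold, the address with two failures 25 minutes apart is not flagged, while the one with three failures in 19 seconds is.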