Multiple SASL authentication failures.

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
heiny

Anyone else get a ton of Multiple SASL authentication failures since the last ASL update?

Rules HIDs: 3357-3358-3359-3360

mikeshinn

Can you send us your alerts.log file? /var/ossec/logs/alerts/alerts.log
heiny

Sorry for the wait, we were investigating this issue.

Every "false" positive we got is from Outlook 2007: postfix/smtpd[3349]: warning: CUSTOMER-IP: SASL DIGEST-MD5 authentication failed: authentication failure

So we asked each of our customers who is using Outlook 2007 to modify their SMTP address from our server name to their domain name.

We got the idea to test that from this old post: https://talk.plesk.com/threads/outlook- ... sue.70571/

Long story short, Plesk issue, not ASL.
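Added example (not part of the original thread, and not Atomicorp or Plesk code): a small triage script that groups Postfix SASL failures by client IP and mechanism, so sources failing only with DIGEST-MD5, like the Outlook 2007 clients described above, can be reviewed separately from sources failing across other mechanisms. It assumes the usual Postfix `host[ip]` warning form; the log lines, the function names and the threshold of 3 are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed Postfix form: "warning: host[ip]: SASL MECH authentication failed"
SASL_FAIL = re.compile(
    r"postfix/smtpd\[\d+\]: warning: (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"SASL (?P<mech>[A-Z0-9-]+) authentication failed"
)

# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE_LOG = """\
Jun  1 09:00:01 mx postfix/smtpd[3349]: warning: unknown[203.0.113.7]: SASL DIGEST-MD5 authentication failed: authentication failure
Jun  1 09:00:31 mx postfix/smtpd[3349]: warning: unknown[203.0.113.7]: SASL DIGEST-MD5 authentication failed: authentication failure
Jun  1 09:01:02 mx postfix/smtpd[3351]: warning: unknown[203.0.113.7]: SASL DIGEST-MD5 authentication failed: authentication failure
Jun  1 09:02:10 mx postfix/smtpd[3360]: connect from unknown[198.51.100.23]
Jun  1 09:02:11 mx postfix/smtpd[3360]: warning: unknown[198.51.100.23]: SASL LOGIN authentication failed: authentication failure
Jun  1 09:02:12 mx postfix/smtpd[3360]: warning: unknown[198.51.100.23]: SASL LOGIN authentication failed: authentication failure
Jun  1 09:02:13 mx postfix/smtpd[3360]: warning: unknown[198.51.100.23]: SASL PLAIN authentication failed: authentication failure
Jun  1 09:02:14 mx postfix/smtpd[3360]: warning: unknown[198.51.100.23]: SASL PLAIN authentication failed: authentication failure
Jun  1 09:05:00 mx postfix/smtpd[3371]: warning: unknown[192.0.2.10]: SASL DIGEST-MD5 authentication failed: authentication failure
"""

def summarize(log_text):
    """Return {ip: Counter({mechanism: failure_count})} for SASL failures."""
    per_ip = defaultdict(Counter)
    for line in log_text.splitlines():
        m = SASL_FAIL.search(line)
        if m:
            per_ip[m.group("ip")][m.group("mech")] += 1
    return dict(per_ip)

def triage(per_ip, threshold=3):
    """Split IPs at or above the (hypothetical) threshold by mechanism mix."""
    digest_only, other = [], []
    for ip, mechs in sorted(per_ip.items()):
        if sum(mechs.values()) < threshold:
            continue  # too few failures to be worth a look
        (digest_only if set(mechs) == {"DIGEST-MD5"} else other).append(ip)
    return digest_only, other

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    digest_only, other = triage(stats)
    print("DIGEST-MD5 only (check mail client settings):", digest_only)
    print("Other mechanisms (review as possible guessing):", other)
```

A DIGEST-MD5-only source is only a candidate for the client issue; confirm it against the customer's mail client before whitelisting anything.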